GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-12-11 14:47:02 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB Running: 8svwje29.exe; Driver: C:\Users\Patryk_2\AppData\Local\Temp\kxtdrpow.sys ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIf3 00007ffa036f4fc0 6 bytes {JMP QWORD [RIP+0x53b070]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffa0370fe20 6 bytes {JMP QWORD [RIP+0x500210]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x98ee60]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x96ee10]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8eee00]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x8cedf0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x9aeb50]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x9ceb00]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0xa0e3a0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x94e380]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x72cc40]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x76ca90]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7ebd20]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa4ab50]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x7aa910]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x829d80]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x489ca0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6e6c60]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x446130]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [86, 00] .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x9002b0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0xa1c8f0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 6B] .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa5ba20]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x91b4b0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x698f30]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x72aa80]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6ea710]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x769ea0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa5bb10]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x879bb0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x813a10]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x9b1080]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x790a30]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x40f0d0]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x3a6a10]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7ff100]} .text C:\WINDOWS\system32\services.exe[756] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x77e740]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\lsass.exe[768] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIf3 00007ffa036f4fc0 6 bytes {JMP QWORD [RIP+0x53b070]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffa0370fe20 6 bytes {JMP QWORD [RIP+0x500210]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x98ee60]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x96ee10]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8eee00]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x8cedf0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x9aeb50]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x9ceb00]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0xa0e3a0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x94e380]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x72cc40]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x76ca90]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7ebd20]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa4ab50]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x7aa910]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x829d80]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x489ca0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6e6c60]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x446130]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [86, 00] .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x9002b0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0xa1c8f0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 6B] .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa5ba20]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x91b4b0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x698f30]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x72aa80]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6ea710]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x769ea0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa5bb10]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x879bb0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x813a10]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x9b1080]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x790a30]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x40f0d0]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x3a6a10]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7ff100]} .text C:\WINDOWS\system32\svchost.exe[848] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x77e740]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIf3 00007ffa036f4fc0 6 bytes {JMP QWORD [RIP+0x53b070]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffa0370fe20 6 bytes {JMP QWORD [RIP+0x500210]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x98ee60]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x96ee10]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8eee00]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x8cedf0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x9aeb50]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x9ceb00]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0xa0e3a0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x94e380]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x72cc40]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x76ca90]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7ebd20]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa4ab50]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x7aa910]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x829d80]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x489ca0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6e6c60]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x446130]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [86, 00] .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x9002b0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0xa1c8f0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 6B] .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa5ba20]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x91b4b0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x698f30]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x72aa80]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6ea710]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x769ea0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa5bb10]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x879bb0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x813a10]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x9b1080]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x790a30]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x40f0d0]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x3a6a10]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7ff100]} .text C:\WINDOWS\system32\svchost.exe[892] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x77e740]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\svchost.exe[468] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\System32\svchost.exe[544] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIf3 00007ffa036f4fc0 6 bytes {JMP QWORD [RIP+0x53b070]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffa0370fe20 6 bytes {JMP QWORD [RIP+0x500210]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x98ee60]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x96ee10]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8eee00]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x8cedf0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x9aeb50]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x9ceb00]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0xa0e3a0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x94e380]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x72cc40]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x76ca90]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7ebd20]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa4ab50]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x7aa910]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x829d80]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x489ca0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6e6c60]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x446130]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [86, 00] .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x9002b0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0xa1c8f0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 6B] .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa5ba20]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x91b4b0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x698f30]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x72aa80]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6ea710]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x769ea0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa5bb10]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x879bb0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x813a10]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x9b1080]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x790a30]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x40f0d0]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x3a6a10]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7ff100]} .text C:\WINDOWS\system32\svchost.exe[472] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x77e740]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\svchost.exe[944] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\System32\svchost.exe[1056] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\System32\spoolsv.exe[1436] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIf3 00007ffa036f4fc0 6 bytes {JMP QWORD [RIP+0x53b070]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\RPCRT4.dll!RpcServerRegisterIfEx 00007ffa0370fe20 6 bytes {JMP QWORD [RIP+0x500210]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x98ee60]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x96ee10]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8eee00]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x8cedf0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x9aeb50]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x9ceb00]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0xa0e3a0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x94e380]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x72cc40]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x76ca90]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7ebd20]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa4ab50]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x7aa910]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x829d80]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x489ca0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6e6c60]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x446130]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [86, 00] .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x9002b0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0xa1c8f0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 6B] .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa5ba20]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x91b4b0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x698f30]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x72aa80]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6ea710]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x769ea0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa5bb10]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x879bb0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x813a10]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x9b1080]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x790a30]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x40f0d0]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x3a6a10]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7ff100]} .text C:\WINDOWS\system32\svchost.exe[1552] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x77e740]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes JMP fecafdf4 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes JMP 1bdf9 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes JMP 0 .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes JMP 0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes JMP 0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes JMP 0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes JMP 0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes JMP 0 .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes JMP 380030 .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files\Bonjour\mDNSResponder.exe[1660] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 4B] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 4F] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x566ce0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x5a5b10]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x564080]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes JMP 0 .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes JMP 0 .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes JMP 0 .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes JMP 0 .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes JMP 1000100 .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes JMP 0 .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\CxAudMsg64.exe[2444] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes JMP 0 .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\dashost.exe[2492] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes CALL 69004d .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes JMP 3a0055 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes JMP 620066 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes JMP 22793f6 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes JMP 25336ff .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes JMP 0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes JMP 0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes JMP 0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes JMP 52c988 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes JMP 0 .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 430 .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes JMP 0 .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes JMP b97e80 .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes JMP 0 .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes JMP 83485548 .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes JMP 0 .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes JMP 451b68 C:\WINDOWS\system32\lxbkcoms.exe .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes JMP 0 .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\lxbkcoms.exe[2812] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\svchost.exe[2856] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\svchost.exe[1152] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\SearchIndexer.exe[3584] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x20c2b0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x18b630]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x16b4c0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x218300]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes {JMP QWORD [RIP+0x24d200]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x19d0f0]} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x1cc100]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\svchost.exe[3900] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Windows\System32\WUDFHost.exe[3120] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x5ac2b0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x32b630]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x30b4c0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x5b8300]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes {JMP QWORD [RIP+0x5ed200]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x33d0f0]} .text C:\WINDOWS\System32\dwm.exe[5944] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x56c100]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\taskhostex.exe[3748] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes JMP 6c006f .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x1b2c2b0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x32b630]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x30b4c0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x1b38300]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes {JMP QWORD [RIP+0x1c3d200]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x33d0f0]} .text C:\WINDOWS\Explorer.EXE[1612] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x1aec100]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0xa0ee60]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x9eee10]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x96ee00]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x94edf0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0xa2eb50]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0xa4eb00]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0xa8e3a0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x9ce380]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x7acc40]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x7eca90]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x86bd20]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xacab50]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x82a910]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x8a9d80]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x709ca0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x766c60]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x6c6130]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [8E, 00] .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x9802b0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0xa9c8f0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 73] .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xadba20]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x99b4b0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x718f30]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x7aaa80]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x76a710]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x7e9ea0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xadbb10]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x8f9bb0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 4 bytes [FF, 25, 10, 3A] .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 5 00007ffa0385c625 1 byte [00] .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0xa31080]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x810a30]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x68f0d0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x626a10]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x87f100]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x7fe740]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x1b2c2b0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x32b630]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x30b4c0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x1b38300]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes {JMP QWORD [RIP+0x1c3d200]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x33d0f0]} .text C:\Program Files\Elantech\ETDCtrl.exe[5864] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x1aec100]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes JMP 5c5ea0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes JMP 1c .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes JMP 0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes JMP 0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes JMP 1c391478 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x5ac2b0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x32b630]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x30b4c0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes JMP 90000 C:\Program Files (x86)\Bluetooth Suite\BtTray.exe .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes JMP 0 .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x33d0f0]} .text C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x56c100]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes JMP 40a2ee20 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes JMP 88564ca0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes JMP 0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes JMP 0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes JMP 1fffff .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes JMP 0 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes JMP ffffffff .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes JMP 74696445 .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x1c6c2b0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x33b630]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x31b4c0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x1c78300]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes {JMP QWORD [RIP+0x1cad200]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x34d0f0]} .text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x1c2c100]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0xa0ee60]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x9eee10]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x96ee00]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x94edf0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0xa2eb50]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0xa4eb00]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0xa8e3a0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x9ce380]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x7acc40]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x7eca90]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x86bd20]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xacab50]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x82a910]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x8a9d80]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x709ca0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x766c60]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x6c6130]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [8E, 00] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x9802b0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0xa9c8f0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 73] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xadba20]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x99b4b0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x718f30]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x7aaa80]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x76a710]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x7e9ea0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xadbb10]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x8f9bb0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 4 bytes [FF, 25, 10, 3A] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 5 00007ffa0385c625 1 byte [00] .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0xa31080]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x810a30]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x68f0d0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x626a10]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x87f100]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x7fe740]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x1b2c2b0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x32b630]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x30b4c0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x1b38300]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes {JMP QWORD [RIP+0x1c3d200]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x33d0f0]} .text C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x1aec100]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes JMP 0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 15d4 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes JMP 10001 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes JMP 0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes JMP a0001 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes JMP 200065 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes JMP 0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes JMP 0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes JMP ffffffff .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes JMP 0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x1b2c2b0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x32b630]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x30b4c0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x1b38300]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes JMP 0 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x33d0f0]} .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x1aec100]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0xa0ee60]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x9eee10]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x96ee00]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x94edf0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0xa2eb50]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0xa4eb00]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0xa8e3a0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x9ce380]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes JMP 0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x7eca90]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x86bd20]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xacab50]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x82a910]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes JMP d0000 .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x709ca0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x766c60]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x6c6130]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes JMP 170 .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes JMP 170 .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x9802b0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0xa9c8f0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 73] .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes JMP 0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x99b4b0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x718f30]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes JMP 0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x76a710]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x7e9ea0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes JMP 0 .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x8f9bb0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 4 bytes JMP c4b .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 5 00007ffa0385c625 1 byte [00] .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0xa31080]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x810a30]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x68f0d0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x626a10]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes JMP d71c .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x7fe740]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x1b2c2b0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x32b630]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x30b4c0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x1b38300]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes {JMP QWORD [RIP+0x1c3d200]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x33d0f0]} .text C:\Program Files\Elantech\ETDIntelligent.exe[3108] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x1aec100]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes JMP 0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 15d4 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes JMP 3f7b90 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes JMP 0 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes JMP 20012 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 2F] .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 33] .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x1f66ce0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x1fa5b10]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x1f64080]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files\Logitech Gaming Software\LCore.exe[3364] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes JMP 101 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes JMP 626f6c47 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes JMP 0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes JMP 0 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes JMP 108 .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 15d4 .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes JMP 0 .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Windows\System32\igfxtray.exe[2148] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes JMP 1012c .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 15d4 .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes JMP 40a339d0 .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Windows\System32\hkcmd.exe[3344] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes CALL 0 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes JMP 0 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 15d4 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes JMP 0 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes JMP a0001 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes JMP 0 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes JMP 0 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes JMP 0 .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\GDI32.dll!BitBlt 00007ffa01343d80 6 bytes {JMP QWORD [RIP+0x5ac2b0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\GDI32.dll!CreateDCW 00007ffa01354a00 6 bytes {JMP QWORD [RIP+0x32b630]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\GDI32.dll!CreateDCA 00007ffa01354b70 6 bytes {JMP QWORD [RIP+0x30b4c0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\GDI32.dll!MaskBlt 00007ffa01357d30 6 bytes {JMP QWORD [RIP+0x5b8300]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\GDI32.dll!StretchBlt 00007ffa01362e30 6 bytes {JMP QWORD [RIP+0x5ed200]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\GDI32.dll!GetPixel 00007ffa01362f40 6 bytes {JMP QWORD [RIP+0x33d0f0]} .text C:\WINDOWS\system32\igfxsrvc.exe[5608] C:\WINDOWS\system32\GDI32.dll!PlgBlt 00007ffa013c3f30 6 bytes {JMP QWORD [RIP+0x56c100]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes JMP 0 .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes JMP 0 .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes JMP 0 .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes JMP 0 .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Windows\System32\igfxpers.exe[5840] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes JMP 0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes JMP 0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes JMP 0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes JMP 640064 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes JMP 1000100 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes JMP 1000100 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes JMP 20001 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes JMP ffffffff .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes JMP 0 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes JMP 14be1 .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes JMP 4b31bc C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes JMP 0 .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\wuauclt.exe[548] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffa00fe8e46 3 bytes [C4, 71, 11] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\KERNELBASE.dll!SetProcessShutdownParameters 00007ffa00ff8ca0 5 bytes [FF, 25, 90, 73, 15] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffa00ffef70 5 bytes JMP 00007ffb00fd00d8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressTransactedW + 1 00007ffa01039351 5 bytes {JMP QWORD [RIP+0x136ce0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\KERNELBASE.dll!CopyFileExW 00007ffa0103a520 6 bytes {JMP QWORD [RIP+0x175b10]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\KERNELBASE.dll!CopyFile2 00007ffa0105bfb0 6 bytes {JMP QWORD [RIP+0x134080]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!MoveWindow 00007ffa038211d0 6 bytes {JMP QWORD [RIP+0x94ee60]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SetParent 00007ffa03821220 6 bytes {JMP QWORD [RIP+0x92ee10]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!GetKeyboardState 00007ffa03821230 6 bytes {JMP QWORD [RIP+0x8aee00]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendInput 00007ffa03821240 6 bytes {JMP QWORD [RIP+0x88edf0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SetClipboardViewer 00007ffa038214e0 6 bytes {JMP QWORD [RIP+0x96eb50]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!BlockInput 00007ffa03821530 6 bytes {JMP QWORD [RIP+0x98eb00]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!RegisterHotKey 00007ffa03821c90 6 bytes {JMP QWORD [RIP+0x9ce3a0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!RegisterRawInputDevices 00007ffa03821cb0 6 bytes {JMP QWORD [RIP+0x90e380]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!PostMessageW 00007ffa038233f0 6 bytes {JMP QWORD [RIP+0x6ecc40]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!PostThreadMessageW 00007ffa038235a0 6 bytes {JMP QWORD [RIP+0x72ca90]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutW + 1 00007ffa03824311 5 bytes {JMP QWORD [RIP+0x7abd20]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoW 00007ffa038254e0 6 bytes {JMP QWORD [RIP+0xa0ab50]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendMessageW 00007ffa03825720 6 bytes {JMP QWORD [RIP+0x76a910]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackW 00007ffa038262b0 6 bytes {JMP QWORD [RIP+0x7e9d80]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 00007ffa03826390 6 bytes {JMP QWORD [RIP+0x449ca0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SetWindowLongW 00007ffa038293d0 6 bytes {JMP QWORD [RIP+0x6a6c60]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!mouse_event 00007ffa03829f00 6 bytes {JMP QWORD [RIP+0x406130]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW 00007ffa0382b7f0 3 bytes [FF, 25, 40] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 4 00007ffa0382b7f4 2 bytes [82, 00] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!GetKeyState + 1 00007ffa0382fd81 5 bytes {JMP QWORD [RIP+0x8c02b0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SystemParametersInfoA 00007ffa03833740 6 bytes {JMP QWORD [RIP+0x9dc8f0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SetWindowLongA 00007ffa03833c60 5 bytes [FF, 25, D0, C3, 47] .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!EnableWindow 00007ffa03834610 6 bytes {JMP QWORD [RIP+0xa1ba20]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!GetAsyncKeyState 00007ffa03834b80 6 bytes {JMP QWORD [RIP+0x8db4b0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SetWinEventHook + 1 00007ffa03837101 5 bytes {JMP QWORD [RIP+0x458f30]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!PostThreadMessageA 00007ffa038455b0 6 bytes {JMP QWORD [RIP+0x6eaa80]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!PostMessageA 00007ffa03845920 6 bytes {JMP QWORD [RIP+0x6aa710]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendMessageA 00007ffa03846190 6 bytes {JMP QWORD [RIP+0x729ea0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!ExitWindowsEx 00007ffa03854520 6 bytes {JMP QWORD [RIP+0xa1bb10]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageW 00007ffa03856480 6 bytes {JMP QWORD [RIP+0x839bb0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA 00007ffa0385c620 6 bytes {JMP QWORD [RIP+0x7d3a10]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!GetClipboardData 00007ffa0385efb0 6 bytes {JMP QWORD [RIP+0x971080]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendMessageTimeoutA 00007ffa0385f600 6 bytes {JMP QWORD [RIP+0x750a30]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 00007ffa03880f60 6 bytes {JMP QWORD [RIP+0x3cf0d0]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!keybd_event 00007ffa038a9620 6 bytes {JMP QWORD [RIP+0x366a10]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendDlgItemMessageA 00007ffa038b0f30 6 bytes {JMP QWORD [RIP+0x7bf100]} .text C:\WINDOWS\system32\wbem\unsecapp.exe[3492] C:\WINDOWS\system32\USER32.dll!SendMessageCallbackA 00007ffa038b18f0 6 bytes {JMP QWORD [RIP+0x73e740]} ---- User IAT/EAT - GMER 2.1 ---- IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe[ntdll.dll!NtShutdownSystem] [7ffa04450000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa043a0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042f0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa045c0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa04420000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\SYSTEM32\scesrv.dll[ntdll.dll!NtTerminateThread] [7ffa04420000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\apphelp.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\lsasrv.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\lsasrv.dll[ntdll.dll!NtShutdownSystem] [7ffa04410000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\lsasrv.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\SYSTEM32\samsrv.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\ncrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\negoexts.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\kerberos.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\msv1_0.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\netlogon.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\logoncli.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\tspkg.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\pku2u.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\wdigest.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\schannel.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\dpapisrv.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\SYSTEM32\winsta.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\bcd.dll[ntdll.dll!ZwCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\bcd.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\ncryptsslp.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\ncryptprov.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\dssenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lsass.exe[768] @ C:\WINDOWS\system32\keyiso.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa043a0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042f0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa045c0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa04420000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\umpo.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\pcwum.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\rpcss.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\rpcss.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\bisrv.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\bisrv.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\psmsrv.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\psmsrv.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\psmsrv.dll[ntdll.dll!NtCreateSemaphore] [7ffa043a0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\lsm.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\lsm.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\lsm.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[848] @ c:\windows\system32\lsm.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[848] @ C:\Windows\System32\twinapi.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa043a0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042f0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa045c0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa04420000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[892] @ c:\windows\system32\rpcepmap.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[892] @ c:\windows\system32\rpcss.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ c:\windows\system32\rpcss.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ c:\windows\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[892] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\ncrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\bcd.dll[ntdll.dll!ZwCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\bcd.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[468] @ c:\windows\system32\wkssvc.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[468] @ c:\windows\system32\ncsi.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[468] @ c:\windows\system32\logoncli.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[468] @ c:\windows\system32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\d3d9.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\Windows\System32\ATL.DLL[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[468] @ C:\WINDOWS\system32\WINMM.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\svchost.exe[544] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[544] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[544] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[544] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa043a0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042f0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa045c0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa04420000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\ATL.DLL[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\LOGONCLI.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\themeservice.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\gpsvc.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\pcwum.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\bcd.dll[ntdll.dll!ZwCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\bcd.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\srvsvc.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\SSCORE.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\cscapi.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\apphelp.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\ncrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\appinfo.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[472] @ c:\windows\system32\wuaueng.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\kerberos.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[472] @ C:\WINDOWS\system32\schannel.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[944] @ c:\windows\system32\wdi.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\perftrack.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\wer.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\AEPIC.dll[ntdll.dll!ZwCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\pcwum.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\apphelp.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\msv1_0.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[944] @ c:\windows\system32\HTTPAPI.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ c:\windows\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ c:\windows\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\kerberos.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ c:\windows\system32\pcasvc.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ c:\windows\system32\AEPIC.dll[ntdll.dll!ZwCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ c:\windows\system32\apphelp.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ c:\windows\system32\sysmain.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ c:\windows\system32\wdi.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\System32\wer.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\Windows\System32\twinapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\ATL.DLL[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ c:\windows\system32\RASDLG.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\svchost.exe[1056] @ C:\WINDOWS\system32\ncrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\localspl.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\PrintIsolationProxy.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\Windows\System32\ATL.DLL[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\spool\PRTPROCS\x64\winprint.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\cscapi.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\Comctl32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\UxTheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\UxTheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\System32\spoolsv.exe[1436] @ C:\WINDOWS\System32\UxTheme.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa043a0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042f0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa045c0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa04420000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04560000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa04530000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04590000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ c:\windows\system32\pcwum.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044e0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04340000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ c:\windows\system32\dps.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ c:\windows\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ c:\windows\system32\wdi.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa042c0000] IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa044b0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\SYSTEM32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files (x86)\Bluetooth Suite\adminservice.exe[1376] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\SYSTEM32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\Program Files\Bonjour\mDNSResponder.exe[1660] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014b0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014b0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll[GDI32.dll!DeleteDC] [7ffa014b0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\ncrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014b0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa014b0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\cryptsp.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014b0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\POWRPROF.DLL[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\SYSTEM32\Secur32.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1380] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\CxAudMsg64.exe[2444] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\dashost.exe[2492] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\apphelp.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\AppPatch\AppPatch64\AcLayers.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\ProgramData\DatacardService\HWDeviceService64.exe[2544] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Intel\iCLS Client\HeciServer.exe[2700] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\ws2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\lxbkcoms.exe[2812] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[2856] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[2856] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[2856] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[2856] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\msv1_0.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[1152] @ C:\Windows\System32\ATL.DLL[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\bcd.dll[ntdll.dll!ZwCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\bcd.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\SearchIndexer.exe[3584] @ C:\WINDOWS\system32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\system32\schannel.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\cscapi.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3692] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\system32\svchost.exe[3900] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\SYSTEM32\advapi32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\Windows\System32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\System32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa014a0000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\Windows\System32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\WUDFHost.exe[3120] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\System32\dwm.exe[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\System32\dwmredir.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\System32\uDWM.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\System32\dwm.exe[5944] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\taskhostex.exe[3748] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\taskhostex.exe[3748] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\taskhostex.exe[3748] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\taskhostex.exe[3748] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\taskhostex.exe[3748] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\taskhostex.exe[3748] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\taskhostex.exe[3748] @ C:\WINDOWS\system32\MSUTB.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\taskhostex.exe[3748] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\Explorer.EXE[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\Explorer.EXE[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\apphelp.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\advapi32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\TWINAPI.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\DUI70.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\Comctl32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\DUser.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\twinui.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\twinui.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\twinui.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\explorerframe.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\System32\twinui.appcore.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\System32\wpncore.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\dwrite.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\ncrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\Windows\System32\thumbcache.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\Windows\System32\InputSwitch.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\stobject.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\BatMeter.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\prnfldr.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\AUDIOSES.DLL[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\Secur32.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\System32\CSCAPI.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\System32\AltTab.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\authui.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\authui.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\System32\wpnprv.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\ntshrui.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\WSClient.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\WSShared.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\wer.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\Windows\System32\ieframe.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\System32\hgcpl.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\Windows\System32\Windows.UI.Xaml.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\MsftEdit.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\schannel.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\ncryptsslp.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\tbs.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\System32\werconcpl.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\UIRibbon.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\NetworkExplorer.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\WINMM.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\AVRT.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\AVRT.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\syncui.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\SYSTEM32\mfc100u.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\Program Files (x86)\Notepad++\NppShell_06.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\acppage.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\OPENGL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\DDRAW.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\Explorer.EXE[1612] @ C:\WINDOWS\system32\DCIMAN32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\GWX\GWX.exe[3220] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04420000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa04370000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa044a0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\COMCTL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\WINMM.dll[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04340000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04340000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\riched20.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\Secur32.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDCtrl.exe[5864] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\system32\shell32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\WinSxS\amd64_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_044aad0bab1eb146\mfc90u.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\SYSTEM32\mfc100u.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\SYSTEM32\d3d9.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtTray.exe[1864] @ C:\WINDOWS\system32\msctfui.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\Secur32.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\WINMM.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\mfc100u.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[4216] @ C:\WINDOWS\SYSTEM32\mfc100.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04420000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa04370000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa044a0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\SYSTEM32\WINMM.dll[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04340000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04340000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDCtrlHelper.exe[4600] @ C:\WINDOWS\SYSTEM32\powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04340000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\SYSTEM32\oledlg.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3212] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04420000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa04370000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa044a0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.9600.17415_none_932b3b5547500489\gdiplus.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\SYSTEM32\WINMM.dll[ntdll.dll!NtCreateEvent] [7ffa043c0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa045b0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04340000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04340000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04610000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa045e0000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Elantech\ETDIntelligent.exe[3108] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04530000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNEL32.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNEL32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNEL32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNEL32.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\Program Files (x86)\Lenovo\Energy Management\mfc110ud.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17810_none_34ae2abd958aedeb\COMCTL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\SYSTEM32\Powrprof.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[684] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\WINMM.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\QUARTZ.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\WS2_32.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\NSI.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\d3d9.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtLoadDriver] [7ffa044a0000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\Logitech Gaming Software\LCore.exe[3364] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\WINMM.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\Avrt.DLL[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\Avrt.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\Avrt.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[3608] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxtray.exe[2148] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxtray.exe[2148] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxtray.exe[2148] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxtray.exe[2148] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxtray.exe[2148] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxtray.exe[2148] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxtray.exe[2148] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\Windows\System32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\Windows\System32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\hkcmd.exe[3344] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\igfxsrvc.exe[5608] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\igfxsrvc.exe[5608] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\igfxsrvc.exe[5608] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\igfxsrvc.exe[5608] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\igfxsrvc.exe[5608] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\igfxsrvc.exe[5608] @ C:\WINDOWS\system32\OPENGL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\igfxsrvc.exe[5608] @ C:\WINDOWS\system32\DDRAW.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\igfxsrvc.exe[5608] @ C:\WINDOWS\system32\DCIMAN32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\Windows\System32\POWRPROF.dll[ntdll.dll!ZwAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\Windows\System32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\Windows\System32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Windows\System32\igfxpers.exe[5840] @ C:\Windows\System32\WINSTA.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNEL32.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNEL32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNEL32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNEL32.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\SYSTEM32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\SYSTEM32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\SYSTEM32\dwrite.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\dwmapi.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe[3992] @ C:\WINDOWS\system32\dwmapi.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNEL32.DLL[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateEvent] [7ffa04300000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateSemaphore] [7ffa04360000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateMutant] [7ffa042b0000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtCreateThreadEx] [7ffa04580000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\KERNELBASE.dll[ntdll.dll!NtTerminateThread] [7ffa043e0000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\combase.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\sechost.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\GDI32.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [7ffa04280000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\ADVAPI32.dll[ntdll.dll!NtSetSystemInformation] [7ffa044f0000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\wucltux.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\DUser.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\DUI70.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[ntdll.dll!NtCreateSection] [7ffa04520000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[ntdll.dll!NtOpenSection] [7ffa04550000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda\comctl32.dll[GDI32.dll!DeleteDC] [7ffa01640000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\bcryptPrimitives.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\CRYPTSP.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wuauclt.exe[548] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtTerminateProcess] [7ffa04470000] IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3492] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3492] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3492] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3492] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!DeleteDC] [7ffa01650000] IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3492] @ C:\WINDOWS\system32\uxtheme.dll[GDI32.dll!DeleteDC] [7ffa01650000] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\svchost.exe [472:6812] 00007ff9fe504ee0 Thread C:\WINDOWS\system32\svchost.exe [472:6248] 00007ff9f89a1050 Thread C:\WINDOWS\system32\csrss.exe [6076:156] fffff960008be2d0 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2992](2013-06-13 06:27:50) 000000006fbc0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2992](2013-06-13 06:27:50) 000000006e940000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2992](2013-06-13 06:27:50) 000000006a1c0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2992](2013-06-13 06:27:50) 000000006ff00000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2992](2013-06-13 06:27:50) 000000006efc0000 Library C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll (*** suspicious ***) @ C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe [2992](2013-06-13 06:27:50) 000000006ed40000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----