GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2016-03-08 16:57:20
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 rev. 0,00MB
Running: gmer.exe; Driver: C:\Users\Beata\AppData\Local\Temp\uxldqpod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000e4300 15 bytes [80, 12, F1, 01, 00, 87, 6C, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff960000e4310 11 bytes [00, 93, FC, FF, C0, 27, B9, ...]

---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, C2, 27, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, A8, 23, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 12, 23, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 6A, 25, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, D4, 24, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 2C, 27, 21, FB, C4, 00, ...] 
.text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 00, 26, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 96, 26, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 3E, 24, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, 8C, 31, 21, FB, C4] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, CA, 2F, 21, FB, C4] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 72, 2D, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 9E, 2E, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 94, 38, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 98, 3C, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 34, 2F, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, FE, 37, 21, FB, C4, 00, ...] 
.text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 10, 35, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, C0, 39, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 2A, 39, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, DC, 2C, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 02, 3C, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 60, 30, 21, FB, C4] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, B0, 2B, 21, FB, C4, 00] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, F6, 30, 21, FB, C4] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 6C, 3B, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 08, 2E, 21, FB, C4, 00, ...] 
.text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 58, 28, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 46, 2C, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 22, 32, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 68, 37, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, 3C, 36, 21, FB, C4] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, D2, 36, 21, FB, C4, 00] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, B8, 32, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, D6, 3A, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 1A, 2B, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 4E, 33, 21, FB, C4, 00, ...] 
.text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, E4, 33, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, A6, 35, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 7A, 34, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, C4, 3D, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, B2, 40, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 74, 42, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, 36, 44, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, A0, 43, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, CC, 44, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, 0A, 43, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, 1C, 40, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, 48, 41, 21, FB, C4, 00, ...] 
.text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, DE, 41, 21, FB, C4, 00, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, F0, 3E, 21, FB, C4, ...] .text C:\Windows\system32\taskhostex.exe[7088] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 86, 3F, 21, FB, C4, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, D6, 13, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, 26, 0F, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 52, 10, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, 40, 13, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 14, 12, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, AA, 12, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, E8, 10, BC, 00, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, BC, 0F, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 90, 0E, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, BC, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 5 bytes [B8, 50, 21, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 7 00007ffbe49b1da7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 1 00007ffbe49b2041 5 bytes [B8, 12, 23, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 7 00007ffbe49b2047 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 1 00007ffbe49b2061 5 bytes [B8, D4, 24, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 7 00007ffbe49b2067 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 1 00007ffbe49b2071 5 bytes [B8, 3E, 24, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 7 00007ffbe49b2077 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 1 00007ffbe49b2091 5 bytes [B8, 6A, 25, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 7 00007ffbe49b2097 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 1 00007ffbe49b20a1 5 bytes [B8, A8, 23, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 7 00007ffbe49b20a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 5 bytes [B8, BA, 20, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 7 00007ffbe49b2207 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 1 00007ffbe49e0fd1 5 
bytes [B8, E6, 21, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 7 00007ffbe49e0fd7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 5 bytes [B8, 7C, 22, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 7 00007ffbe49e0fe7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 8E, 1F, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 24, 20, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 4A, 30, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 46, 2C, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 76, 31, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, B0, 2B, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 72, 2D, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, DC, 2C, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, B4, 2F, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, E0, 30, BC, 00, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 2C, 28, BC, 00, 00, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 1E, 2F, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 86, 18, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, C2, 28, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 1A, 2B, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 5 bytes [B8, EE, 29, BC, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 84, 2A, BC, 00, 00, 00] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 88, 2E, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 96, 27, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 58, 29, BC, 00, 00, 00, ...] 
.text C:\Windows\Explorer.EXE[548] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, 1C, 19, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, 00, 27, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, F8, 1E, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, DE, 1A, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 48, 1A, BC, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, A0, 1C, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 0A, 1C, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 62, 1E, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 36, 1D, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, CC, 1D, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 74, 1B, BC, 00, 00, 00, ...] .text C:\Windows\Explorer.EXE[548] C:\Windows\system32\WS2_32.dll!connect 00007ffbe4935730 12 bytes [48, B8, A2, 32, BC, 00, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, F2, 4E, B4, ...] 
.text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, F2, 4E, B4, 00, ...] 
.text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, F2, 4E, B4, 00, ...] 
.text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, 72, 2D, F2, 4E, B4] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, B0, 2B, F2, 4E, B4] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 58, 29, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 84, 2A, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 7A, 34, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 7E, 38, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 1A, 2B, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, E4, 33, F2, 4E, B4, 00, ...] 
.text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, F6, 30, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, A6, 35, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 10, 35, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, C2, 28, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, E8, 37, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 46, 2C, F2, 4E, B4] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 96, 27, F2, 4E, B4, 00] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 2 bytes [48, B8] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!CreateWindowExA + 3 00007ffbe61acf63 4 bytes [2C, F2, 4E, B4] .text ... * 2 .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 52, 37, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, EE, 29, F2, 4E, B4, 00, ...] 
.text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 2C, 28, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 08, 2E, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 4E, 33, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, 22, 32, F2, 4E, B4] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, B8, 32, F2, 4E, B4, 00] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 9E, 2E, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, BC, 36, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 00, 27, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 34, 2F, F2, 4E, B4, 00, ...] 
.text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, CA, 2F, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 8C, 31, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 60, 30, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, 1C, 40, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, DE, 41, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, A0, 43, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 0A, 43, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, 36, 44, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, 74, 42, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, 86, 3F, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, B2, 40, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, 48, 41, F2, 4E, B4, 00, ...] 
.text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 5A, 3E, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, F0, 3E, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, CC, 44, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, 3E, 24, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, 6A, 26, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 1 byte [B8] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 3 00007ffbe3be47a3 9 bytes [3D, F2, 4E, B4, 00, 00, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, AA, 39, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 14, 39, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 6C, 3B, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, D6, 3A, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 2E, 3D, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 02, 3C, F2, 4E, B4, 00, ...] 
.text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 98, 3C, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 40, 3A, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 00007ffbe1258c80 12 bytes [48, B8, 8E, 46, F2, 4E, B4, ...] .text C:\Windows\system32\igfxEM.exe[1992] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 00007ffbe1274001 11 bytes [B8, F8, 45, F2, 4E, B4, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, F3, B3, C6, ...] 
.text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, F3, B3, C6, 00, ...] 
.text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 5 bytes [B8, 90, 0E, F3, B3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 7 00007ffbe36bf977 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 6 bytes [48, B8, 26, 0F, F3, B3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA + 7 00007ffbe36c0427 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, F3, B3, C6, ...] 
.text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, DC, 2C, F3, B3, C6] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, 1A, 2B, F3, B3, C6] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, C2, 28, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, EE, 29, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, E4, 33, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, E8, 37, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 84, 2A, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 4E, 33, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 60, 30, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 10, 35, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 7A, 34, F3, B3, C6, ...] 
.text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 2C, 28, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 52, 37, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, B0, 2B, F3, B3, C6] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 00, 27, F3, B3, C6, 00] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 46, 2C, F3, B3, C6] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, BC, 36, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 58, 29, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 96, 27, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 72, 2D, F3, B3, C6, 00, ...] 
.text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, B8, 32, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, 8C, 31, F3, B3, C6] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 22, 32, F3, B3, C6, 00] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 08, 2E, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 26, 36, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 6A, 26, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 9E, 2E, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, 34, 2F, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, F6, 30, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, CA, 2F, F3, B3, C6, 00, ...] 
.text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, 86, 3F, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 48, 41, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, 0A, 43, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 74, 42, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, A0, 43, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, DE, 41, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, F0, 3E, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, 1C, 40, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, B2, 40, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, C4, 3D, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 5A, 3E, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, A8, 23, F3, B3, C6, 00, ...] 
.text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, D4, 25, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 2E, 3D, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 14, 39, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 7E, 38, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, D6, 3A, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 40, 3A, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 98, 3C, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 6C, 3B, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 02, 3C, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, AA, 39, F3, B3, C6, 00, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 00007ffbe1258c80 12 bytes [48, B8, 62, 45, F3, B3, C6, ...] .text C:\Windows\system32\igfxHK.exe[1996] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 00007ffbe1274001 11 bytes [B8, CC, 44, F3, B3, C6, 00, ...] 
.text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, A1, 3D, 3D, 00, ...] 
.text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, A1, 3D, 3D, ...] 
.text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, 72, 2D, A1, 3D, 3D] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, B0, 2B, A1, 3D, 3D] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 58, 29, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 84, 2A, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 7A, 34, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 7E, 38, A1, 3D, 3D, 00, ...] 
.text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 1A, 2B, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, E4, 33, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, F6, 30, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, A6, 35, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 10, 35, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, C2, 28, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, E8, 37, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 46, 2C, A1, 3D, 3D] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 96, 27, A1, 3D, 3D, 00] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 2 bytes [48, B8] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!CreateWindowExA + 3 00007ffbe61acf63 4 bytes [2C, A1, 3D, 3D] .text ... 
* 2 .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 52, 37, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, EE, 29, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 2C, 28, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 08, 2E, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 4E, 33, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, 22, 32, A1, 3D, 3D] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, B8, 32, A1, 3D, 3D, 00] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 9E, 2E, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, BC, 36, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 00, 27, A1, 3D, 3D, 00, ...] 
.text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 34, 2F, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, CA, 2F, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 8C, 31, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 60, 30, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, 1C, 40, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, DE, 41, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, A0, 43, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 0A, 43, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, 36, 44, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, 74, 42, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, 86, 3F, A1, 3D, 3D, 00, ...] 
.text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, B2, 40, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, 48, 41, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 5A, 3E, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, F0, 3E, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, CC, 44, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, 3E, 24, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, 6A, 26, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 1 byte [B8] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 3 00007ffbe3be47a3 9 bytes [3D, A1, 3D, 3D, 00, 00, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, AA, 39, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 14, 39, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 6C, 3B, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, D6, 3A, A1, 3D, 3D, 00, ...] 
.text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 2E, 3D, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 02, 3C, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 98, 3C, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 40, 3A, A1, 3D, 3D, 00, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 00007ffbe1258c80 12 bytes [48, B8, 8E, 46, A1, 3D, 3D, ...] .text C:\Windows\system32\igfxTray.exe[2824] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 00007ffbe1274001 11 bytes [B8, F8, 45, A1, 3D, 3D, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 42, 25, BA, 00, ...] 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 42, 25, BA, 00, ...] 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 42, 25, BA, ...] 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, B0, 2B, 42, 25, BA] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, EE, 29, 42, 25, BA] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 96, 27, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, C2, 28, 42, 25, BA, 00, ...] 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, B8, 32, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, BC, 36, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 58, 29, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 22, 32, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 34, 2F, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, E4, 33, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 4E, 33, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 00, 27, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 26, 36, 42, 25, BA, 00, ...] 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 84, 2A, 42, 25, BA] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, D4, 25, 42, 25, BA, 00] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 1A, 2B, 42, 25, BA] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 90, 35, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 2C, 28, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 6A, 26, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 46, 2C, 42, 25, BA, 00, ...] 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 8C, 31, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, 60, 30, 42, 25, BA] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, F6, 30, 42, 25, BA, 00] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, DC, 2C, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, FA, 34, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 3E, 25, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 72, 2D, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, 08, 2E, 42, 25, BA, 00, ...] 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, CA, 2F, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 9E, 2E, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 98, 3C, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 7E, 38, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, E8, 37, 42, 25, BA, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 40, 3A, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, AA, 39, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 02, 3C, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, D6, 3A, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 6C, 3B, 42, 25, BA, 00, ...] 
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 14, 39, 42, 25, BA, 00, ...] .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[3820] C:\Windows\system32\shell32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, C4, 3D, 42, 25, BA, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 1E, 00, 01, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 1E, 00, 01, 00, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 46, 2B, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 2C, 27, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 96, 26, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, EE, 28, 1E, 00, 01, 00, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 58, 28, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, B0, 2A, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 84, 29, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 1A, 2A, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, C2, 27, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, BA, 47, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, E4, 33, 1E, 00, 01] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, 22, 32, 1E, 00, 01] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, CA, 2F, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, F6, 30, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, EC, 3A, 1E, 00, 01, 00, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, F0, 3E, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 8C, 31, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 56, 3A, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 68, 37, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 18, 3C, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 82, 3B, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 34, 2F, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 5A, 3E, 1E, 00, 01, 00, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, B8, 32, 1E, 00, 01] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 08, 2E, 1E, 00, 01, 00] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 4E, 33, 1E, 00, 01] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 1 byte [B8] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 3 00007ffbe61adad3 9 bytes [3D, 1E, 00, 01, 00, 00, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 60, 30, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 2 bytes [B8, 3E] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 4 00007ffbe61ae994 8 bytes [1E, 00, 01, 00, 00, 00, 50, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 9E, 2E, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 7A, 34, 1E, 00, 01, 00, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, C0, 39, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 2 bytes [B8, 94] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!FindWindowExA + 4 00007ffbe61c4704 3 bytes [1E, 00, 01] .text ... * 2 .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 2A, 39, 1E, 00, 01, 00] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 10, 35, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 2E, 3D, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 72, 2D, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, A6, 35, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, 3C, 36, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, FE, 37, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, D2, 36, 1E, 00, 01, 00, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\System32\WINHTTP.dll!WinHttpCloseHandle + 1 00007ffbd7b19bd1 11 bytes [B8, 8E, 46, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\System32\WINHTTP.dll!WinHttpOpenRequest 00007ffbd7b2f2d0 12 bytes [48, B8, F8, 45, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\System32\WINHTTP.dll!WinHttpConnect + 1 00007ffbd7b30441 11 bytes [B8, 24, 47, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, 48, 41, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 0A, 43, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, CC, 44, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 36, 44, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, 62, 45, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, A0, 43, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, B2, 40, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, DE, 41, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, 74, 42, 1E, 00, 01, 00, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 86, 3F, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 1C, 40, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!closesocket 00007ffbe4931be0 12 bytes [48, B8, D4, 4B, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffbe4932571 11 bytes [B8, 2C, 4E, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffbe4932d61 11 bytes [B8, 6A, 4C, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffbe4932ff1 11 bytes [B8, C2, 4E, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffbe4933880 12 bytes [48, B8, 3E, 4B, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffbe4933bd1 11 bytes [B8, 00, 4D, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffbe4934230 12 bytes [48, B8, E6, 48, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!connect 00007ffbe4935730 12 bytes [48, B8, 50, 48, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffbe49387e0 12 bytes [48, B8, 7C, 49, 1E, 00, 01, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!send + 1 00007ffbe49442d1 11 bytes [B8, A8, 4A, 1E, 00, 01, 00, ...] .text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffbe4946fe1 11 bytes [B8, 96, 4D, 1E, 00, 01, 00, ...] 
.text C:\Windows\System32\skydrive.exe[5036] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffbe49554b1 11 bytes [B8, 12, 4A, 1E, 00, 01, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, D6, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, D6, 00, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, D6, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 6 bytes [48, B8, 94, 37, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 6 bytes [48, B8, D2, 35, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 7A, 33, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, A6, 34, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 9C, 3E, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, A0, 42, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 3C, 35, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 06, 3E, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 18, 3B, D6, 00, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, C8, 3F, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 32, 3F, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, E4, 32, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 0A, 42, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 68, 36, D6, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, B8, 31, D6, 00, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, FE, 36, D6, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 74, 41, D6, 00, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 10, 34, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 4E, 32, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 2A, 38, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 70, 3D, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 5 bytes [B8, 44, 3C, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, DA, 3C, D6, 00, 00, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, C0, 38, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, DE, 40, D6, 00, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 22, 31, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 56, 39, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 1 byte [B8] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!MessageBoxExW + 3 00007ffbe6227c63 9 bytes [39, D6, 00, 00, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, AE, 3B, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 82, 3A, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, 12, 23, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, 36, 44, D6, 00, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 5 bytes [B8, 72, 2C, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7 00007ffbe49b1da7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 5 bytes [B8, 34, 2E, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7 00007ffbe49b2047 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 5 bytes [B8, F6, 2F, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7 00007ffbe49b2067 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 5 bytes [B8, 60, 2F, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7 00007ffbe49b2077 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 5 bytes [B8, 8C, 30, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7 00007ffbe49b2097 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 5 bytes [B8, CA, 2E, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7 00007ffbe49b20a7 5 bytes [00, 00, 00, 50, C3] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 5 bytes [B8, DC, 2B, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7 00007ffbe49b2207 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 5 bytes [B8, 08, 2D, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7 00007ffbe49e0fd7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 5 bytes [B8, 9E, 2D, D6, 00] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7 00007ffbe49e0fe7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, B0, 2A, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 46, 2B, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, CC, 44, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 1A, 2A, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 00, 26, D6, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 6A, 25, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, C2, 27, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 2C, 27, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 84, 29, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 58, 28, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, EE, 28, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 96, 26, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!closesocket 00007ffbe4931be0 12 bytes [48, B8, 7C, 49, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffbe4932571 11 bytes [B8, D4, 4B, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffbe4932d61 11 bytes [B8, 12, 4A, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffbe4932ff1 11 bytes [B8, 6A, 4C, D6, 00, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffbe4933880 12 bytes [48, B8, E6, 48, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffbe4933bd1 11 bytes [B8, A8, 4A, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffbe4934230 12 bytes [48, B8, 8E, 46, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!connect 00007ffbe4935730 12 bytes [48, B8, F8, 45, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffbe49387e0 12 bytes [48, B8, 24, 47, D6, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!send + 1 00007ffbe49442d1 11 bytes [B8, 50, 48, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffbe4946fe1 11 bytes [B8, 3E, 4B, D6, 00, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2596] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffbe49554b1 11 bytes [B8, BA, 47, D6, 00, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 44, A3, 79, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 44, A3, 79, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 44, A3, 79, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, 56, 3A, 44, A3, 79] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, 94, 38, 44, A3, 79] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 3C, 36, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 68, 37, 44, A3, 79, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 5E, 41, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 62, 45, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, FE, 37, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, C8, 40, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, DA, 3D, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 8A, 42, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, F4, 41, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, A6, 35, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, CC, 44, 44, A3, 79, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 2A, 39, 44, A3, 79] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 7A, 34, 44, A3, 79, 00] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, C0, 39, 44, A3, 79] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 36, 44, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, D2, 36, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 10, 35, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, EC, 3A, 44, A3, 79, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 32, 40, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, 06, 3F, 44, A3, 79] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 9C, 3F, 44, A3, 79, 00] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 82, 3B, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, A0, 43, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, E4, 33, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 18, 3C, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, AE, 3C, 44, A3, 79, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 70, 3E, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 44, 3D, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, 12, 23, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, 4E, 33, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, 9E, 2D, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 60, 2F, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, 22, 31, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 8C, 30, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, B8, 31, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, F6, 2F, 44, A3, 79, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, 08, 2D, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, 34, 2E, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, CA, 2E, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 2 bytes [48, B8] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CreateServiceA + 3 00007ffbe4a0dd33 9 bytes [2B, 44, A3, 79, 00, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 72, 2C, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, F8, 45, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!closesocket 00007ffbe4931be0 12 bytes [48, B8, 12, 4A, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffbe4932571 11 bytes [B8, 6A, 4C, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffbe4932d61 11 bytes [B8, A8, 4A, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffbe4932ff1 11 bytes [B8, 00, 4D, 44, A3, 79, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffbe4933880 12 bytes [48, B8, 7C, 49, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffbe4933bd1 11 bytes [B8, 3E, 4B, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffbe4934230 12 bytes [48, B8, 24, 47, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!connect 00007ffbe4935730 12 bytes [48, B8, 8E, 46, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffbe49387e0 12 bytes [48, B8, BA, 47, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!send + 1 00007ffbe49442d1 11 bytes [B8, E6, 48, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffbe4946fe1 11 bytes [B8, D4, 4B, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffbe49554b1 11 bytes [B8, 50, 48, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\dbghelp.dll!MiniDumpWriteDump 00007ffbe1ff3a70 12 bytes [48, B8, 96, 4D, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 46, 2B, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 2C, 27, 44, A3, 79, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 96, 26, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, EE, 28, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 58, 28, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, B0, 2A, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 84, 29, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 1A, 2A, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, C2, 27, 44, A3, 79, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\System32\urlmon.dll!URLDownloadToCacheFileW 00007ffbe1258c80 12 bytes [48, B8, 58, 4F, 44, A3, 79, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[7100] C:\Windows\System32\urlmon.dll!URLDownloadToFileW + 1 00007ffbe1274001 11 bytes [B8, C2, 4E, 44, A3, 79, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 0F, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 0F, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 0F, 00, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 0F, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 5 bytes [B8, DC, 2B, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7 00007ffbe49b1da7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 5 bytes [B8, 9E, 2D, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7 00007ffbe49b2047 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 5 bytes [B8, 60, 2F, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7 00007ffbe49b2067 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 5 bytes [B8, CA, 2E, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7 00007ffbe49b2077 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 5 bytes [B8, F6, 2F, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7 00007ffbe49b2097 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 5 bytes [B8, 34, 2E, 0F, 00] .text C:\Program 
Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7 00007ffbe49b20a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 5 bytes [B8, 46, 2B, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7 00007ffbe49b2207 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 5 bytes [B8, 72, 2C, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7 00007ffbe49e0fd7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 5 bytes [B8, 08, 2D, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7 00007ffbe49e0fe7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 1A, 2A, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, B0, 2A, 0F, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 6 bytes [48, B8, FE, 36, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 6 bytes [48, B8, 3C, 35, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, E4, 32, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 10, 34, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 06, 3E, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 0A, 42, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, A6, 34, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 70, 3D, 0F, 00, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 82, 3A, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 32, 3F, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 9C, 3E, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 4E, 32, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 74, 41, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, D2, 35, 0F, 00, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 22, 31, 0F, 00, 00, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 68, 36, 0F, 00, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text 
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, DE, 40, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 7A, 33, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, A8, 23, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, B8, 31, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 94, 37, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, DA, 3C, 0F, 00, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 5 bytes [B8, AE, 3B, 0F, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 44, 3C, 0F, 00, 00, 00] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 2A, 38, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 48, 40, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 8C, 30, 0F, 00, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 2 bytes [B8, C0] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!MessageBoxExA + 5 00007ffbe6227c35 7 bytes [00, 00, 00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 3 bytes [B8, 56, 39] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!MessageBoxExW + 5 00007ffbe6227c65 7 bytes [00, 00, 00, 00, 00, 50, C3] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 18, 3B, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, EC, 39, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 84, 29, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 6A, 25, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, D4, 24, 0F, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 2C, 27, 0F, 00, 00, 00, ...] 
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 96, 26, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, EE, 28, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, C2, 27, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 58, 28, 0F, 00, 00, 00, ...] .text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[6592] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 00, 26, 0F, 00, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 01, 01, 00, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 01, 01, 00, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 01, 01, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 6 bytes [48, B8, 72, 2D, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 6 bytes [48, B8, B0, 2B, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 58, 29, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 84, 2A, 01, 01, 00, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 7A, 34, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 7E, 38, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 1A, 2B, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, E4, 33, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, F6, 30, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, A6, 35, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 10, 35, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, C2, 28, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, E8, 37, 01, 01, 00, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 46, 2C, 01, 01, 00] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 96, 27, 01, 01, 00, 00] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 2 bytes [48, B8] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!CreateWindowExA + 3 00007ffbe61acf63 4 bytes [2C, 01, 01, 00] .text ... * 2 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 52, 37, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, EE, 29, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 2C, 28, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 08, 2E, 01, 01, 00, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 4E, 33, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 5 bytes [B8, 22, 32, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, B8, 32, 01, 01, 00, 00] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 9E, 2E, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, BC, 36, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 00, 27, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 34, 2F, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, CA, 2F, 01, 01, 00, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 8C, 31, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 60, 30, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 5 bytes [B8, 1C, 40, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7 00007ffbe49b1da7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 5 bytes [B8, DE, 41, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7 00007ffbe49b2047 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 5 bytes [B8, A0, 43, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7 00007ffbe49b2067 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 5 bytes [B8, 0A, 43, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7 00007ffbe49b2077 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 5 bytes [B8, 36, 44, 01, 01] .text C:\Program Files 
(x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7 00007ffbe49b2097 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 5 bytes [B8, 74, 42, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7 00007ffbe49b20a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 5 bytes [B8, 86, 3F, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7 00007ffbe49b2207 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 5 bytes [B8, B2, 40, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7 00007ffbe49e0fd7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 5 bytes [B8, 48, 41, 01, 01] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7 00007ffbe49e0fe7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 5A, 3E, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, F0, 3E, 01, 01, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\dbghelp.dll!MiniDumpWriteDump 00007ffbe1ff3a70 12 bytes [48, B8, CC, 44, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 1 byte [B8] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 3 00007ffbe3be47a3 9 bytes [3D, 01, 01, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, AA, 39, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 14, 39, 01, 01, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 6C, 3B, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, D6, 3A, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 2E, 3D, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 02, 3C, 01, 01, 00, 00, ...] .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 98, 3C, 01, 01, 00, 00, ...] 
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe[7496] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 40, 3A, 01, 01, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 27, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 27, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 27, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 6 bytes [48, B8, DC, 2B, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 6 bytes [48, B8, 1A, 2A, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, C2, 27, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, EE, 28, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, E4, 32, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, E8, 36, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 84, 29, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 4E, 32, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 60, 2F, 27, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 10, 34, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 7A, 33, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 2C, 27, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 52, 36, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, B0, 2A, 27, 00, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 00, 26, 27, 00, 00, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 46, 2B, 27, 00, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, BC, 35, 27, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 58, 28, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 96, 26, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 72, 2C, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, B8, 31, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 5 bytes [B8, 8C, 30, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 22, 31, 27, 00, 00, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 08, 2D, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 26, 35, 27, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 6A, 25, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 9E, 2D, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, 34, 2E, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, F6, 2F, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, CA, 2E, 27, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 5 bytes [B8, 1C, 40, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7 00007ffbe49b1da7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 5 bytes [B8, DE, 41, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7 00007ffbe49b2047 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 5 bytes [B8, A0, 43, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7 00007ffbe49b2067 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 5 bytes [B8, 0A, 43, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7 00007ffbe49b2077 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 5 bytes [B8, 36, 44, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7 00007ffbe49b2097 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 5 bytes [B8, 74, 42, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] 
C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7 00007ffbe49b20a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 5 bytes [B8, 86, 3F, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7 00007ffbe49b2207 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 5 bytes [B8, B2, 40, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7 00007ffbe49e0fd7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 5 bytes [B8, 48, 41, 27, 00] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7 00007ffbe49e0fe7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 5A, 3E, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, F0, 3E, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, CC, 44, 27, 00, 00, 00, ...] 
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 1 byte [B8] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 3 00007ffbe3be47a3 9 bytes [3D, 27, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, AA, 39, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 14, 39, 27, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 6C, 3B, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, D6, 3A, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 2E, 3D, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 02, 3C, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 98, 3C, 27, 00, 00, 00, ...] .text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[6756] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 40, 3A, 27, 00, 00, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 5 bytes [48, B8, 02, 15, 02] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNEL32.DLL!Process32NextW + 6 00007ffbe4b4e1f6 6 bytes [B2, 00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 02, 57, B2, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 4 bytes [B8, AA, 12, 02] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 6 00007ffbe35f96b6 6 bytes [B2, 00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 02, 57, B2, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 5 bytes [48, B8, 9A, 04, 02] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW + 6 00007ffbe360b0a6 6 bytes [B2, 00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 02, 57, B2, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!closesocket 00007ffbe4931be0 12 bytes [48, B8, 84, 29, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffbe4932571 11 bytes [B8, DC, 2B, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffbe4932d61 11 bytes [B8, 1A, 2A, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffbe4932ff1 11 bytes [B8, 72, 2C, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffbe4933880 12 bytes [48, B8, EE, 28, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffbe4933bd1 11 bytes [B8, B0, 2A, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffbe4934230 12 bytes [48, B8, 96, 26, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!connect 00007ffbe4935730 12 bytes [48, B8, 00, 26, 02, 57, B2, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffbe49387e0 12 bytes [48, B8, 2C, 27, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!send + 1 00007ffbe49442d1 11 bytes [B8, 58, 28, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffbe4946fe1 11 bytes [B8, 46, 2B, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffbe49554b1 4 bytes [B8, C2, 27, 02] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\WS2_32.dll!gethostbyname + 6 00007ffbe49554b6 6 bytes [B2, 00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, C0, 38, 02, 57, B2] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, FE, 36, 02, 57, B2] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, A6, 34, 02, 57, B2, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, D2, 35, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, C8, 3F, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, CC, 43, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 68, 36, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 32, 3F, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 44, 3C, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, F4, 40, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 5E, 40, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 10, 34, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 36, 43, 02, 57, B2, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 94, 37, 02, 57, B2] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, E4, 32, 02, 57, B2, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 2A, 38, 02, 57, B2] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, A0, 42, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 3C, 35, 02, 57, B2, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 4 bytes [B8, 12, 23, 02] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 6 00007ffbe61ae996 6 bytes [B2, 00, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 7A, 33, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 56, 39, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 9C, 3E, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, 70, 3D, 02, 57, B2] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 06, 3E, 02, 57, B2, 00] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, EC, 39, 02, 57, B2, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 0A, 42, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 4E, 32, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 82, 3A, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, 18, 3B, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, DA, 3C, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, AE, 3B, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, F8, 45, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, 3E, 24, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, 62, 45, 02, 57, B2, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, 50, 48, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 12, 4A, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, D4, 4B, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 3E, 4B, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, 6A, 4C, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, A8, 4A, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, BA, 47, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, E6, 48, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, 7C, 49, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 8E, 46, 02, 57, B2, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 24, 47, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, B8, 31, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 9E, 2D, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 08, 2D, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 60, 2F, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, CA, 2E, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 22, 31, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, F6, 2F, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 8C, 30, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 34, 2E, 02, 57, B2, 00, ...] 
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQueryEx 00007ffbe2914420 12 bytes [48, B8, 58, 4F, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_UTF8 00007ffbe2933cd0 12 bytes [48, B8, C2, 4E, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_W 00007ffbe2934350 12 bytes [48, B8, 2C, 4E, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_A 00007ffbe296fd90 12 bytes [48, B8, 96, 4D, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\WINHTTP.dll!WinHttpCloseHandle + 1 00007ffbd7b19bd1 11 bytes [B8, 1A, 51, 02, 57, B2, 00, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\WINHTTP.dll!WinHttpOpenRequest 00007ffbd7b2f2d0 12 bytes [48, B8, 84, 50, 02, 57, B2, ...] .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe[7012] C:\Windows\SYSTEM32\WINHTTP.dll!WinHttpConnect + 1 00007ffbd7b30441 11 bytes [B8, B0, 51, 02, 57, B2, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, F3, 61, C1, 00, ...] 
.text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, F3, 61, C1, ...] 
.text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, F3, 61, C1, ...] 
.text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 58, 28, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 3E, 24, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, A8, 23, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 00, 26, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 6A, 25, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, C2, 27, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 5 bytes [B8, 96, 26, F3, 61] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 7 00007ffbe3c0a1a7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 2C, 27, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, D4, 24, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, B0, 2A, F3, 61, C1, 00, ...] 
.text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 72, 2C, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, 34, 2E, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 9E, 2D, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, CA, 2E, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, 08, 2D, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, 1A, 2A, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, 46, 2B, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, DC, 2B, F3, 61, C1, 00, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, EE, 28, F3, 61, C1, ...] .text C:\Windows\System32\SettingSyncHost.exe[4196] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 84, 29, F3, 61, C1, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 9F, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNEL32.dll!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNEL32.dll!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNEL32.dll!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 9F, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 9F, 00, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 9F, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 5 bytes [B8, B0, 2A, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7 00007ffbe49b1da7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 5 bytes [B8, 72, 2C, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7 00007ffbe49b2047 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 5 bytes [B8, 34, 2E, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7 00007ffbe49b2067 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 5 bytes [B8, 9E, 2D, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7 00007ffbe49b2077 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 5 bytes [B8, CA, 2E, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7 00007ffbe49b2097 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 5 bytes [B8, 08, 2D, 9F, 00] .text C:\Program Files 
(x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7 00007ffbe49b20a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 5 bytes [B8, 1A, 2A, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7 00007ffbe49b2207 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 5 bytes [B8, 46, 2B, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7 00007ffbe49e0fd7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 5 bytes [B8, DC, 2B, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7 00007ffbe49e0fe7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, EE, 28, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 84, 29, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 58, 28, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 3E, 24, 9F, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, A8, 23, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 00, 26, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 6A, 25, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, C2, 27, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 96, 26, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 2C, 27, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, D4, 24, 9F, 00, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 6 bytes [48, B8, 94, 38, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 6 bytes [48, B8, D2, 36, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 7A, 34, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, A6, 35, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 9C, 3F, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, A0, 43, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 3C, 36, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 06, 3F, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 18, 3C, 9F, 00, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, C8, 40, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 32, 40, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, E4, 33, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 0A, 43, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 68, 37, 9F, 00, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, B8, 32, 9F, 00, 00, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, FE, 37, 9F, 00, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 74, 42, 9F, 00, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 10, 35, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 60, 2F, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 4E, 33, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 2A, 39, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 70, 3E, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 5 bytes [B8, 44, 3D, 9F, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, DA, 3D, 9F, 00, 00, 00] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, C0, 39, 9F, 00, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, DE, 41, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 22, 32, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 56, 3A, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 1 byte [B8] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!MessageBoxExW + 3 00007ffbe6227c63 9 bytes [3A, 9F, 00, 00, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, AE, 3C, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 82, 3B, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!closesocket 00007ffbe4931be0 12 bytes [48, B8, 50, 48, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!recv + 1 00007ffbe4932571 11 bytes [B8, A8, 4A, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!WSASend + 1 00007ffbe4932d61 11 bytes [B8, E6, 48, 9F, 00, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!WSARecv + 1 00007ffbe4932ff1 11 bytes [B8, 3E, 4B, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!WSASocketW 00007ffbe4933880 12 bytes [48, B8, BA, 47, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!socket + 1 00007ffbe4933bd1 11 bytes [B8, 7C, 49, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!GetAddrInfoW 00007ffbe4934230 12 bytes [48, B8, 62, 45, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!connect 00007ffbe4935730 12 bytes [48, B8, CC, 44, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!GetAddrInfoExW 00007ffbe49387e0 12 bytes [48, B8, F8, 45, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!send + 1 00007ffbe49442d1 11 bytes [B8, 24, 47, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!WSAConnect + 1 00007ffbe4946fe1 11 bytes [B8, 12, 4A, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\ws2_32.dll!gethostbyname + 1 00007ffbe49554b1 11 bytes [B8, 8E, 46, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQueryEx 00007ffbe2914420 12 bytes [48, B8, 2C, 4E, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_UTF8 00007ffbe2933cd0 12 bytes [48, B8, 96, 4D, 9F, 00, 00, ...] 
.text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_W 00007ffbe2934350 12 bytes [48, B8, 00, 4D, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_A 00007ffbe296fd90 12 bytes [48, B8, 6A, 4C, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\system32\shell32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, 58, 4F, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\winhttp.dll!WinHttpCloseHandle + 1 00007ffbd7b19bd1 11 bytes [B8, 1A, 51, 9F, 00, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\winhttp.dll!WinHttpOpenRequest 00007ffbd7b2f2d0 12 bytes [48, B8, 84, 50, 9F, 00, 00, ...] .text C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe[776] C:\Windows\SYSTEM32\winhttp.dll!WinHttpConnect + 1 00007ffbd7b30441 11 bytes [B8, B0, 51, 9F, 00, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 11, 92, E5, 00, ...] 
.text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 11, 92, E5, ...] 
.text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 11, 92, E5, ...] 
.text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 58, 28, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 3E, 24, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, A8, 23, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 00, 26, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 6A, 25, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, C2, 27, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 96, 26, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 2C, 27, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, D4, 24, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, B0, 2A, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 72, 2C, 11, 92, E5, 00, ...] 
.text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, 34, 2E, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 9E, 2D, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, CA, 2E, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, 08, 2D, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, 1A, 2A, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, 46, 2B, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, DC, 2B, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, EE, 28, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 84, 29, 11, 92, E5, ...] 
.text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, 94, 38, 11, 92, E5] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, D2, 36, 11, 92, E5] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 7A, 34, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, A6, 35, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 9C, 3F, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, A0, 43, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 3C, 36, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 06, 3F, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 18, 3C, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, C8, 40, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 32, 40, 11, 92, E5, ...] 
.text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, E4, 33, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 0A, 43, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, 68, 37, 11, 92, E5] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, B8, 32, 11, 92, E5, 00] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, FE, 37, 11, 92, E5] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 74, 42, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 10, 35, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 60, 2F, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, 4E, 33, 11, 92, E5, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 2A, 39, 11, 92, E5, 00, ...] 
.text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 70, 3E, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, 44, 3D, 11, 92, E5] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, DA, 3D, 11, 92, E5, 00] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, C0, 39, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, DE, 41, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 22, 32, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, 56, 3A, 11, 92, E5, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 1 byte [B8] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!MessageBoxExW + 3 00007ffbe6227c63 9 bytes [3A, 11, 92, E5, 00, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, AE, 3C, 11, 92, E5, 00, ...] 
.text C:\Windows\System32\WUDFHost.exe[4460] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 82, 3B, 11, 92, E5, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 5E, 82, 21, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 5E, 82, 21, 00, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, 72, 2C, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 34, 2E, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, F6, 2F, 5E, 82, 21, 00, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, 60, 2F, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, 8C, 30, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, CA, 2E, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, DC, 2B, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, 08, 2D, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, 9E, 2D, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, B0, 2A, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 46, 2B, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, CC, 44, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, 1A, 2A, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, 00, 26, 5E, 82, 21, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 6A, 25, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, C2, 27, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 2C, 27, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 84, 29, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 58, 28, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, EE, 28, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 96, 26, 5E, 82, 21, 00, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, 2A, 39, 5E, 82, 21] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, 68, 37, 5E, 82, 21] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, 10, 35, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 3C, 36, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 32, 40, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 36, 44, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, D2, 36, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 9C, 3F, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, AE, 3C, 5E, 82, 21, 00, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 5E, 41, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, C8, 40, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 7A, 34, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, A0, 43, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, FE, 37, 5E, 82, 21] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 4E, 33, 5E, 82, 21, 00] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 94, 38, 5E, 82, 21] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, 0A, 43, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, A6, 35, 5E, 82, 21, 00, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 2 bytes [B8, 3E] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 4 00007ffbe61ae994 8 bytes [5E, 82, 21, 00, 00, 00, 50, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, E4, 33, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, C0, 39, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, 06, 3F, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, DA, 3D, 5E, 82, 21] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 70, 3E, 5E, 82, 21, 00] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 56, 3A, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 74, 42, 5E, 82, 21, 00, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, B8, 32, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 1 byte [B8] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!MessageBoxExA + 3 00007ffbe6227c33 9 bytes [3A, 5E, 82, 21, 00, 00, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, 82, 3B, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 44, 3D, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, 18, 3C, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, D4, 24, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, 22, 32, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffbe1258c80 12 bytes [48, B8, 8E, 46, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW + 1 00007ffbe1274001 11 bytes [B8, F8, 45, 5E, 82, 21, 00, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!closesocket 00007ffbe4931be0 12 bytes [48, B8, 3E, 4B, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffbe4932571 11 bytes [B8, 96, 4D, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffbe4932d61 11 bytes [B8, D4, 4B, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffbe4932ff1 11 bytes [B8, 2C, 4E, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffbe4933880 12 bytes [48, B8, A8, 4A, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffbe4933bd1 11 bytes [B8, 6A, 4C, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffbe4934230 12 bytes [48, B8, 50, 48, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!connect 00007ffbe4935730 12 bytes [48, B8, BA, 47, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffbe49387e0 12 bytes [48, B8, E6, 48, 5E, 82, 21, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!send + 1 00007ffbe49442d1 11 bytes [B8, 12, 4A, 5E, 82, 21, 00, ...] .text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffbe4946fe1 11 bytes [B8, 00, 4D, 5E, 82, 21, 00, ...] 
.text C:\Windows\ImmersiveControlPanel\SystemSettings.exe[5572] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffbe49554b1 11 bytes [B8, 7C, 49, 5E, 82, 21, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 37, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 37, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 37, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\apphelp.dll!SdbQueryDataExTagID + 497 00007ffbe1e593d1 11 bytes [B8, B0, 2B, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 6 bytes [48, B8, 08, 2E, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 6 bytes [48, B8, 46, 2C, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, EE, 29, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 1A, 2B, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, 10, 35, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 14, 39, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 7A, 34, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 8C, 31, 37, 00, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 3C, 36, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, A6, 35, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 58, 29, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 7E, 38, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 2 bytes [48, B8] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!CreateWindowExW + 3 00007ffbe61a9923 4 bytes [2C, 37, 00, 00] .text ... * 2 .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 72, 2D, 37, 00, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, E8, 37, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 84, 2A, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, 7C, 22, 37, 00, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, C2, 28, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 9E, 2E, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, E4, 33, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 5 bytes [B8, B8, 32, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 4E, 33, 37, 00, 00, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 34, 2F, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 52, 37, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 96, 27, 37, 00, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, CA, 2F, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, 60, 30, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 22, 32, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, F6, 30, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 465 00007ffbe43940d1 11 bytes [B8, 12, 23, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\GDI32.dll!NamedEscape + 1 00007ffbe4454ca1 11 bytes [B8, 00, 27, 37, 00, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 5 bytes [B8, 48, 41, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 7 00007ffbe49b1da7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 5 bytes [B8, 0A, 43, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 7 00007ffbe49b2047 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 5 bytes [B8, CC, 44, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 7 00007ffbe49b2067 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 5 bytes [B8, 36, 44, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 7 00007ffbe49b2077 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 5 bytes [B8, 62, 45, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 7 00007ffbe49b2097 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 5 bytes [B8, A0, 43, 37, 00] .text C:\Program Files\Enigma Software 
Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 7 00007ffbe49b20a7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 5 bytes [B8, B2, 40, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 7 00007ffbe49b2207 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 5 bytes [B8, DE, 41, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 7 00007ffbe49e0fd7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 5 bytes [B8, 74, 42, 37, 00] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 7 00007ffbe49e0fe7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, 86, 3F, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 1C, 40, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, AA, 39, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!closesocket 00007ffbe4931be0 12 bytes [48, B8, 7C, 49, 37, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!recv + 1 00007ffbe4932571 11 bytes [B8, D4, 4B, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!WSASend + 1 00007ffbe4932d61 11 bytes [B8, 12, 4A, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!WSARecv + 1 00007ffbe4932ff1 11 bytes [B8, 6A, 4C, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!WSASocketW 00007ffbe4933880 12 bytes [48, B8, E6, 48, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!socket + 1 00007ffbe4933bd1 11 bytes [B8, A8, 4A, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 00007ffbe4934230 12 bytes [48, B8, 8E, 46, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!connect 00007ffbe4935730 12 bytes [48, B8, F8, 45, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 00007ffbe49387e0 12 bytes [48, B8, 24, 47, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!send + 1 00007ffbe49442d1 11 bytes [B8, 50, 48, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 00007ffbe4946fe1 11 bytes [B8, 3E, 4B, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\system32\WS2_32.dll!gethostbyname + 1 00007ffbe49554b1 11 bytes [B8, BA, 47, 37, 00, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, F0, 3E, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, D6, 3A, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 40, 3A, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 98, 3C, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, 02, 3C, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 5A, 3E, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 2E, 3D, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 1 byte [B8] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 3 00007ffbe3c0de43 9 bytes [3D, 37, 00, 00, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 6C, 3B, 37, 00, 00, 00, ...] 
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQueryEx 00007ffbe2914420 12 bytes [48, B8, 58, 4F, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_UTF8 00007ffbe2933cd0 12 bytes [48, B8, C2, 4E, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_W 00007ffbe2934350 12 bytes [48, B8, 2C, 4E, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\DNSAPI.dll!DnsQuery_A 00007ffbe296fd90 12 bytes [48, B8, 96, 4D, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007ffbe1258c80 12 bytes [48, B8, 1A, 51, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\urlmon.dll!URLDownloadToFileW + 1 00007ffbe1274001 11 bytes [B8, 84, 50, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\WINHTTP.dll!WinHttpCloseHandle + 1 00007ffbd7b19bd1 11 bytes [B8, DC, 52, 37, 00, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\WINHTTP.dll!WinHttpOpenRequest 00007ffbd7b2f2d0 12 bytes [48, B8, 46, 52, 37, 00, 00, ...] .text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[1436] C:\Windows\SYSTEM32\WINHTTP.dll!WinHttpConnect + 1 00007ffbd7b30441 11 bytes [B8, 72, 53, 37, 00, 00, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007ffbe4b4db10 12 bytes [48, B8, 1E, 08, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNEL32.DLL!Process32NextW 00007ffbe4b4e1f0 12 bytes [48, B8, 02, 15, 96, DA, 0C, ...] 
.text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007ffbe4be34b1 11 bytes [B8, 36, 1D, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 1 00007ffbe4c0aba1 8 bytes [B8, F0, 17, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNEL32.DLL!MoveFileExA + 10 00007ffbe4c0abaa 2 bytes [50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007ffbe4c0aca1 11 bytes [B8, 1C, 19, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!CloseHandle 00007ffbe35f14c0 12 bytes [48, B8, CE, 0C, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 00007ffbe35f21d1 11 bytes [B8, D6, 13, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!GetProcAddress 00007ffbe35f42a0 12 bytes [48, B8, 6C, 14, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 00007ffbe35f6750 12 bytes [48, B8, 38, 0C, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!OpenThread 00007ffbe35f6780 12 bytes [48, B8, E0, 09, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 00007ffbe35f8931 11 bytes [B8, A2, 0B, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007ffbe35f8c41 11 bytes [B8, 40, 13, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 00007ffbe35f9101 11 bytes [B8, A0, 1C, 96, DA, 0C, 00, ...] 
.text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007ffbe35f96b1 11 bytes [B8, AA, 12, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 00007ffbe35fc390 12 bytes [48, B8, 74, 1B, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 00007ffbe3600a51 11 bytes [B8, 0A, 1C, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007ffbe3603901 11 bytes [B8, B2, 19, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 00007ffbe360b0a0 12 bytes [48, B8, 9A, 04, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007ffbe3625bb1 11 bytes [B8, 0C, 0B, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 1 00007ffbe3648461 8 bytes [B8, 86, 18, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!MoveFileExW + 10 00007ffbe364846a 2 bytes [50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007ffbe366a101 11 bytes [B8, 5A, 17, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!CreateThread 00007ffbe366a510 12 bytes [48, B8, 76, 0A, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007ffbe36bf8f1 11 bytes [B8, FA, 0D, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007ffbe36bf971 11 bytes [B8, 90, 0E, 96, DA, 0C, 00, ...] 
.text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 00007ffbe36c0420 12 bytes [48, B8, 26, 0F, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 00007ffbe36c0650 12 bytes [48, B8, BC, 0F, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 00007ffbe36d0d60 12 bytes [48, B8, AC, 01, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007ffbe3be47a1 11 bytes [B8, C2, 27, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 00007ffbe3be4d10 12 bytes [48, B8, A8, 23, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 00007ffbe3bea830 12 bytes [48, B8, 12, 23, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 00007ffbe3beae11 11 bytes [B8, 6A, 25, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007ffbe3beed61 11 bytes [B8, D4, 24, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007ffbe3c04021 11 bytes [B8, 2C, 27, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 00007ffbe3c0a1a1 11 bytes [B8, 00, 26, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007ffbe3c0de41 11 bytes [B8, 96, 26, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007ffbe3c1ddf1 11 bytes [B8, 3E, 24, 96, DA, 0C, 00, ...] 
.text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!ShowWindow 00007ffbe61a11b0 7 bytes [48, B8, F6, 2F, 96, DA, 0C] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!ShowWindow + 8 00007ffbe61a11b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 00007ffbe61a1210 7 bytes [48, B8, 34, 2E, 96, DA, 0C] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 00007ffbe61a1218 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!GetMessageW 00007ffbe61a25d0 12 bytes [48, B8, DC, 2B, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!PeekMessageW + 1 00007ffbe61a28d1 11 bytes [B8, 08, 2D, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!GetWindowLongPtrW + 1 00007ffbe61a2a81 11 bytes [B8, FE, 36, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!PostMessageW + 1 00007ffbe61a2f61 11 bytes [B8, 02, 3B, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!CallNextHookEx 00007ffbe61a3490 12 bytes [48, B8, 9E, 2D, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!GetWindowLongPtrA + 1 00007ffbe61a46c1 11 bytes [B8, 68, 36, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SetWindowTextW + 1 00007ffbe61a6431 11 bytes [B8, 7A, 33, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!GetWindowLongW + 1 00007ffbe61a65b1 11 bytes [B8, 2A, 38, 96, DA, 0C, 00, ...] 
.text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!GetWindowLongA 00007ffbe61a7e30 12 bytes [48, B8, 94, 37, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!GetMessageA + 1 00007ffbe61a9251 11 bytes [B8, 46, 2B, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!PostMessageA + 1 00007ffbe61a9371 11 bytes [B8, 6C, 3A, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffbe61a9920 7 bytes [48, B8, CA, 2E, 96, DA, 0C] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!CreateWindowExW + 10 00007ffbe61a992a 2 bytes [50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 1 00007ffbe61abf11 7 bytes [B8, 1A, 2A, 96, DA, 0C, 00] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SetWindowsHookExW + 9 00007ffbe61abf19 3 bytes [00, 50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!CreateWindowExA 00007ffbe61acf60 7 bytes [48, B8, 60, 2F, 96, DA, 0C] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!CreateWindowExA + 10 00007ffbe61acf6a 2 bytes [50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SendNotifyMessageW + 1 00007ffbe61adad1 11 bytes [B8, D6, 39, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!PeekMessageA + 1 00007ffbe61ae611 11 bytes [B8, 72, 2C, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 00007ffbe61ae991 11 bytes [B8, EE, 28, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SetWinEventHook 00007ffbe61b4090 12 bytes [48, B8, B0, 2A, 96, DA, 0C, ...] 
.text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007ffbe61b9951 11 bytes [B8, 8C, 30, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!FindWindowExW + 1 00007ffbe61c41d1 11 bytes [B8, D2, 35, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!FindWindowExA + 1 00007ffbe61c4701 6 bytes [B8, A6, 34, 96, DA, 0C] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!FindWindowExA + 9 00007ffbe61c4709 3 bytes [00, 50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!FindWindowW + 1 00007ffbe61c64e1 7 bytes [B8, 3C, 35, 96, DA, 0C, 00] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!FindWindowW + 9 00007ffbe61c64e9 3 bytes [00, 50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007ffbe61d8b51 11 bytes [B8, 22, 31, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SendNotifyMessageA + 1 00007ffbe61dd9a1 11 bytes [B8, 40, 39, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 00007ffbe6200da1 8 bytes [B8, 84, 29, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 00007ffbe6200daa 2 bytes [50, C3] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 00007ffbe6227c31 11 bytes [B8, B8, 31, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 00007ffbe6227c61 11 bytes [B8, 4E, 32, 96, DA, 0C, 00, ...] 
.text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!FindWindowA + 1 00007ffbe6228e31 11 bytes [B8, 10, 34, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 00007ffbe6230f71 11 bytes [B8, E4, 32, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007ffbe4d557c1 11 bytes [B8, C4, 3D, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 00007ffbe49b1da1 11 bytes [B8, B2, 40, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 00007ffbe49b2041 11 bytes [B8, 74, 42, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptHashData + 1 00007ffbe49b2061 11 bytes [B8, 36, 44, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 00007ffbe49b2071 11 bytes [B8, A0, 43, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 00007ffbe49b2091 11 bytes [B8, CC, 44, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 00007ffbe49b20a1 11 bytes [B8, 0A, 43, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 00007ffbe49b2201 11 bytes [B8, 1C, 40, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptGenKey + 1 00007ffbe49e0fd1 11 bytes [B8, 48, 41, 96, DA, 0C, 00, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 00007ffbe49e0fe1 11 bytes [B8, DE, 41, 96, DA, 0C, 00, ...] 
.text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 00007ffbe4a0dd30 12 bytes [48, B8, F0, 3E, 96, DA, 0C, ...] .text C:\Windows\System32\RuntimeBroker.exe[8880] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 00007ffbe4a0ddc0 12 bytes [48, B8, 86, 3F, 96, DA, 0C, ...]

---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [7036:6960] fffff960008ff2d0

---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----