GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-22 23:07:38 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002e ST500LT012-1DG142 rev.0002LVM1 465,76GB Running: 3rw1symz.exe; Driver: C:\Users\Andrzej\AppData\Local\Temp\kfxcraow.sys ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\dwm.exe[68] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Windows\System32\WUDFHost.exe[1140] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Windows\System32\WUDFHost.exe[1140] C:\Windows\System32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\igfxCUIService.exe[1408] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\System32\spoolsv.exe[1800] C:\WINDOWS\System32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\dashost.exe[1964] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Windows\System32\WUDFHost.exe[1972] C:\Windows\System32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Windows\System32\WUDFHost.exe[1972] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\user32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\user32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\user32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\user32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\user32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\sihost.exe[2236] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 ? C:\WINDOWS\SYSTEM32\dbgcore.DLL [2468] entry point in ".rdata" section 000000006a9fc940 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [2468] entry point in ".rdata" section 000000006a11a020 ? C:\WINDOWS\system32\ncryptsslp.dll [2468] entry point in ".rdata" section 000000006a8404f0 ? C:\WINDOWS\system32\apphelp.dll [2468] entry point in ".rdata" section 00000000693af7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [2468] entry point in ".rdata" section 0000000068b91590 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\SysWoW64\esif_uf.exe[2512] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Windows\system32\HPSIsvc.exe[2580] C:\Windows\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 ? C:\WINDOWS\SYSTEM32\NTASN1.dll [2664] entry point in ".rdata" section 000000006a11a020 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a ? C:\WINDOWS\SYSTEM32\NTASN1.dll [2824] entry point in ".rdata" section 000000006a11a020 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\Explorer.EXE[3312] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\Windows\System32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Windows\System32\RuntimeBroker.exe[3884] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\igfxEM.exe[4016] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\igfxHK.exe[4080] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\igfxTray.exe[2964] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\system32\wininet.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\taskhostw.exe[4460] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\user32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\user32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\user32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\user32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\user32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe[4584] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\user32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\user32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\user32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\user32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\user32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe[1280] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\SYSTEM32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a ? C:\WINDOWS\system32\apphelp.dll [7560] entry point in ".rdata" section 00000000693af7c0 ? C:\WINDOWS\SYSTEM32\iertutil.dll [7560] entry point in ".rdata" section 0000000068b91590 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\conhost.exe[5140] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\user32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\user32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\user32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\user32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\user32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Windows\System32\InstallAgent.exe[8508] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Windows\System32\InstallAgent.exe[8508] C:\Windows\System32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\user32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\user32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\user32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\user32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\user32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\Windows\System32\InstallAgentUserBroker.exe[8560] C:\Windows\System32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\user32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\user32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\user32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\user32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\user32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\DllHost.exe[7144] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 00007ffc4dfb9e70 5 bytes JMP 00007ffc4e0b60c9 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateFile 00007ffc4e0558f0 5 bytes JMP 00007ffc4e0b60d7 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\USER32.dll!PeekMessageA 00007ffc4c37e300 5 bytes JMP 00007ffc4c3fde24 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\USER32.dll!PeekMessageW 00007ffc4c37e430 5 bytes JMP 00007ffc4c3fde32 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\USER32.dll!GetMessageA 00007ffc4c37e8b0 5 bytes JMP 00007ffc4c3fde08 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\USER32.dll!GetMessageW 00007ffc4c384840 5 bytes JMP 00007ffc4c3fde16 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\USER32.dll!GetClipboardData 00007ffc4c3900d0 5 bytes JMP 00007ffc4c3fde40 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\CRYPT32.dll!PFXImportCertStore 00007ffc4b271020 5 bytes JMP 00007ffc4b36606a .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\WS2_32.dll!recv 00007ffc4ddcafc0 5 bytes JMP 00007ffc4de03905 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\WS2_32.dll!closesocket 00007ffc4ddcb720 5 bytes JMP 00007ffc4de038e9 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\WS2_32.dll!WSASend 00007ffc4ddcb920 5 bytes JMP 00007ffc4de03913 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\System32\WS2_32.dll!send 00007ffc4ddcc520 5 bytes JMP 00007ffc4de038f7 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExA 00007ffc388cd360 5 bytes JMP 00007ffc38a5969f .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!InternetReadFile 00007ffc388d89f0 5 bytes JMP 00007ffc38a596bb .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!InternetQueryDataAvailable 00007ffc3891edb0 5 bytes JMP 00007ffc38a596d7 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!HttpSendRequestW 00007ffc389234e0 5 bytes JMP 00007ffc38a59675 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!InternetCloseHandle 00007ffc38924a50 5 bytes JMP 00007ffc38a596ad .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoW 00007ffc3892d8e0 5 bytes JMP 00007ffc38a596f3 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!InternetReadFileExA 00007ffc3892e5a0 5 bytes JMP 00007ffc38a596c9 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!HttpQueryInfoA 00007ffc3892edc0 5 bytes JMP 00007ffc38a596e5 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!HttpSendRequestExW 00007ffc3895de20 5 bytes JMP 00007ffc38a59691 .text C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] C:\WINDOWS\system32\WININET.dll!HttpSendRequestA 00007ffc38964d50 5 bytes JMP 00007ffc38a59683 ? C:\WINDOWS\system32\apphelp.dll [2832] entry point in ".rdata" section 00000000693af7c0 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [1d914ea93a8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [1d914ea8f20] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [1d914ea92c8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [1d914ea9534] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [1d914ea8a4c] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [1d914ea8e2c] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [1d914ea97f4] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [1d914ea93f0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [1d914ea98a0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [1d914ea9124] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [1d914ea8ce4] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [1d914ea8a4c] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [1d914ea92c8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [1d914ea92c8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [1d914ea8f20] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [1d914ea9534] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [1d914ea93a8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [1d914ea8a4c] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [1d914ea9124] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [1d914ea8ce4] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [1d914ea93f0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [1d914ea98a0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [1d914ea8e2c] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [1d914ea97f4] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [1d914ea93a8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [1d914ea98a0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [1d914ea93f0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [1d914ea9534] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [1d914ea92c8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [1d914ea8f20] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [1d914ea8f20] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\system32\CoreMessaging.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [1d914ea8a4c] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [1d914ea8a4c] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\Windows\System32\twinapi.appcore.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [1d914ea92c8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\system32\Cabinet.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [1d914ea89e0] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [1d914ea8a4c] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [1d914ea92c8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [1d914ea9124] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [1d914ea93a8] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [1d914ea8f20] IAT C:\WINDOWS\system32\dwm.exe[68] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [1d914ea9534] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\Windows\System32\WUDFHost.exe[ntdll.dll!NtSetInformationFile] [1b31f2a9534] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\Windows\System32\WUDFHost.exe[ntdll.dll!NtQueryInformationFile] [1b31f2a92c8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [1b31f2a93a8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [1b31f2a8f20] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [1b31f2a92c8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [1b31f2a9534] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [1b31f2a8a4c] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [1b31f2a8e2c] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [1b31f2a97f4] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [1b31f2a93f0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [1b31f2a98a0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [1b31f2a9124] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [1b31f2a8ce4] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [1b31f2a8a4c] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [1b31f2a92c8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [1b31f2a92c8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [1b31f2a8f20] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [1b31f2a9534] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [1b31f2a93a8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [1b31f2a8a4c] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [1b31f2a9124] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [1b31f2a8ce4] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [1b31f2a93f0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [1b31f2a98a0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [1b31f2a8e2c] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [1b31f2a97f4] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [1b31f2a93a8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [1b31f2a98a0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [1b31f2a93f0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [1b31f2a9534] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [1b31f2a8f20] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\SYSTEM32\WUDFPlatform.dll[ntdll.dll!NtDeviceIoControlFile] [1b31f2a8ce4] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\POWRPROF.dll[ntdll.dll!ZwClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\POWRPROF.dll[ntdll.dll!NtCreateFile] [1b31f2a8a4c] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\POWRPROF.dll[ntdll.dll!NtQueryVolumeInformationFile] [1b31f2a93a8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\POWRPROF.dll[ntdll.dll!NtClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [1b31f2a8a4c] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [1b31f2a92c8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [1b31f2a9124] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [1b31f2a93a8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [1b31f2a8f20] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [1b31f2a9534] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [1b31f2a8a4c] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [1b31f2a92c8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtSetInformationFile] [1b31f2a9534] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtClose] [1b31f2a89e0] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [1b31f2a93a8] IAT C:\Windows\System32\WUDFHost.exe[1140] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtCreateFile] [1b31f2a8a4c] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [25133f493a8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [25133f48f20] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [25133f489e0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [25133f492c8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [25133f49534] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [25133f492c8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [25133f48f20] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [25133f49534] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [25133f493a8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [25133f48a4c] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [25133f49124] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [25133f489e0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [25133f48ce4] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [25133f489e0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [25133f493f0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [25133f498a0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [25133f48e2c] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [25133f497f4] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [25133f492c8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [25133f48f20] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [25133f489e0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [25133f493a8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [25133f489e0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [25133f498a0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [25133f493f0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [25133f49534] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [25133f492c8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [25133f49534] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [25133f489e0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [25133f492c8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [25133f49534] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [25133f489e0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [25133f493a8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [25133f48a4c] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [25133f489e0] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [25133f48a4c] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [25133f492c8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [25133f49124] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [25133f493a8] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [25133f48f20] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [25133f49534] IAT C:\WINDOWS\system32\igfxCUIService.exe[1408] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [25133f48a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\spoolsv.exe[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [1eb93a8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [1eb8f20] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [1eb9534] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [1eb8e2c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [1eb97f4] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [1eb93f0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [1eb98a0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [1eb9124] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [1eb8ce4] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [1eb8f20] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [1eb9534] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [1eb93a8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [1eb9124] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [1eb8ce4] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [1eb93f0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [1eb98a0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [1eb8e2c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [1eb97f4] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [1eb8f20] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [1eb93a8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [1eb98a0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [1eb93f0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [1eb9534] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\DNSAPI.dll[ntdll.dll!NtDeviceIoControlFile] [1eb8ce4] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\DNSAPI.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtDeviceIoControlFile] [1eb8ce4] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtQueryDirectoryFile] [1eb9124] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtOpenFile] [1eb8f20] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [1eb8f20] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!ZwClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtQueryVolumeInformationFile] [1eb93a8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtDeviceIoControlFile] [1eb8ce4] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtSetInformationFile] [1eb9534] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtReadFile] [1eb93f0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WINSTA.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\localspl.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [1eb9534] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!ZwQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtReadFile] [1eb93f0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtOpenFile] [1eb8f20] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtQueryDirectoryFile] [1eb9124] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!ZwClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\Secur32.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\wshirda.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\wshirda.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\wshirda.dll[ntdll.dll!NtDeviceIoControlFile] [1eb8ce4] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\SHLWAPI.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\netutils.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\netutils.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WINHTTP.dll[ntdll.dll!NtOpenFile] [1eb8f20] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\drvstore.dll[ntdll.dll!NtSetInformationFile] [1eb9534] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\drvstore.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\drvstore.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\drvstore.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\win32spl.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\win32spl.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [1eb92c8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [1eb9124] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [1eb93a8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [1eb8f20] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [1eb9534] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WININET.dll[ntdll.dll!NtSetInformationFile] [1eb9534] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WININET.dll[ntdll.dll!NtClose] [1eb89e0] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [1eb93a8] IAT C:\WINDOWS\System32\spoolsv.exe[1800] @ C:\WINDOWS\System32\WININET.dll[ntdll.dll!NtCreateFile] [1eb8a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [244a73193a8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [244a7318f20] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [244a73192c8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [244a7319534] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [244a73192c8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [244a7318f20] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [244a7319534] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [244a73193a8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [244a7318a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [244a7319124] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [244a7318ce4] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [244a73193f0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [244a73198a0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [244a7318e2c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [244a73197f4] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [244a73193a8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [244a73198a0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [244a73193f0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [244a7319534] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtCreateFile] [244a7318a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtDeviceIoControlFile] [244a7318ce4] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtQueryDirectoryFile] [244a7319124] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtOpenFile] [244a7318f20] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\IPHLPAPI.DLL[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\IPHLPAPI.DLL[ntdll.dll!NtDeviceIoControlFile] [244a7318ce4] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\IPHLPAPI.DLL[ntdll.dll!NtCreateFile] [244a7318a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\IPHLPAPI.DLL[ntdll.dll!ZwClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\IPHLPAPI.DLL[ntdll.dll!ZwCreateFile] [244a7318a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\IPHLPAPI.DLL[ntdll.dll!ZwDeviceIoControlFile] [244a7318ce4] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\NSI.dll[ntdll.dll!NtDeviceIoControlFile] [244a7318ce4] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\fwbase.dll[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [244a73192c8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtQueryInformationFile] [244a73192c8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtDeviceIoControlFile] [244a7318ce4] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtSetInformationFile] [244a7319534] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateFile] [244a7318a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtReadFile] [244a73193f0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!ZwClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtCreateFile] [244a7318a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtQueryVolumeInformationFile] [244a73193a8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [244a7319534] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [244a73193a8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [244a7318a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [244a73189e0] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [244a7318a4c] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [244a73192c8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [244a7319124] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [244a73193a8] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [244a7318f20] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [244a7319534] IAT C:\WINDOWS\system32\dashost.exe[1964] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [244a7318a4c] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [255a67493a8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [255a6748f20] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [255a67489e0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [255a67492c8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [255a6749534] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [255a67492c8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [255a6748f20] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [255a6749534] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [255a67493a8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [255a6748a4c] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [255a6749124] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [255a67489e0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [255a6748ce4] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [255a67489e0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [255a67493f0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [255a67498a0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [255a6748e2c] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [255a67497f4] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [255a67493a8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [255a67489e0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [255a67498a0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [255a67493f0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [255a6749534] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [255a6748a4c] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtSetInformationFile] [255a6749534] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtClose] [255a67489e0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [255a67493a8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtCreateFile] [255a6748a4c] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [255a67492c8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\Windows\System32\Secur32.dll[ntdll.dll!NtClose] [255a67489e0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtQueryVolumeInformationFile] [255a67493a8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtOpenFile] [255a6748f20] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtSetInformationFile] [255a6749534] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtClose] [255a67489e0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtCreateFile] [255a6748a4c] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtQueryInformationFile] [255a67492c8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [255a67489e0] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [255a6748a4c] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [255a67492c8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [255a6749124] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [255a67493a8] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [255a6748f20] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [255a6749534] IAT C:\Windows\System32\WUDFHost.exe[1972] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [255a6748a4c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [21792fc93a8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [21792fc8f20] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [21792fc92c8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [21792fc9534] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [21792fc8a4c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [21792fc8e2c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [21792fc97f4] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [21792fc93f0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [21792fc98a0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [21792fc9124] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [21792fc8ce4] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [21792fc8a4c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [21792fc92c8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [21792fc92c8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [21792fc8f20] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [21792fc9534] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [21792fc93a8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [21792fc8a4c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [21792fc9124] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [21792fc8ce4] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [21792fc93f0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [21792fc98a0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [21792fc8e2c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [21792fc97f4] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [21792fc93a8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [21792fc98a0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [21792fc93f0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [21792fc9534] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [21792fc8f20] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [21792fc92c8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\system32\CoreMessaging.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\kernel.appcore.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\user32.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [21792fc8a4c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\SYSTEM32\WINSTA.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\Windows\System32\modernexecserver.dll[ntdll.dll!ZwClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\Windows\System32\modernexecserver.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!ZwClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtCreateFile] [21792fc8a4c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtQueryVolumeInformationFile] [21792fc93a8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\Windows\System32\ResourcePolicyClient.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\SYSTEM32\twinapi.appcore.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtDeviceIoControlFile] [21792fc8ce4] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtOpenFile] [21792fc8f20] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!ZwClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!NtSetInformationFile] [21792fc9534] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\Windows.Storage.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\Windows.Storage.dll[ntdll.dll!NtCreateFile] [21792fc8a4c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\Windows.Storage.dll[ntdll.dll!NtQueryInformationFile] [21792fc92c8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\Windows.Storage.dll[ntdll.dll!NtQueryDirectoryFile] [21792fc9124] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\Windows.Storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [21792fc93a8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\Windows.Storage.dll[ntdll.dll!NtOpenFile] [21792fc8f20] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\Windows.Storage.dll[ntdll.dll!NtSetInformationFile] [21792fc9534] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [21792fc9534] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [21792fc89e0] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [21792fc93a8] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [21792fc8a4c] IAT C:\WINDOWS\system32\sihost.exe[2236] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [21792fc92c8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtQueryVolumeInformationFile] [9293a8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtOpenFile] [928f20] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtQueryInformationFile] [9292c8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtSetInformationFile] [929534] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtCreateFile] [928a4c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtLockFile] [928e2c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtUnlockFile] [9297f4] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtReadFile] [9293f0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtWriteFile] [9298a0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtQueryDirectoryFile] [929124] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!NtDeviceIoControlFile] [928ce4] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!ZwClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!ZwCreateFile] [928a4c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNEL32.dll[ntdll.dll!ZwQueryInformationFile] [9292c8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [9292c8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [928f20] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [929534] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [9293a8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [928a4c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [929124] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [928ce4] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [9293f0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [9298a0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [928e2c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [9297f4] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [9292c8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [9293a8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [9298a0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [9293f0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [929534] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\kernel.appcore.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [928a4c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [9292c8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [929124] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [9293a8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [928f20] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [929534] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [928a4c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!ZwClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!NtSetInformationFile] [929534] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\SYSTEM32\CRYPTSP.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtCreateFile] [928a4c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [929534] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [9289e0] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [9293a8] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [928a4c] IAT C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[2304] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [9292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [13f93a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [13f8f20] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [13f92c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [13f9534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [13f8a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [13f8e2c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [13f97f4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [13f93f0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [13f98a0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [13f9124] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [13f8ce4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [13f8a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [13f92c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [13f92c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [13f8f20] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [13f9534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [13f93a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [13f8a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [13f9124] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [13f8ce4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [13f93f0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [13f98a0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [13f8e2c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [13f97f4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [13f93a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [13f98a0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [13f93f0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [13f9534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [13f8a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtCreateFile] [13f8a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtDeviceIoControlFile] [13f8ce4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtQueryDirectoryFile] [13f9124] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtOpenFile] [13f8f20] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [13f9534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [13f93a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [13f8a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [13f92c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [13f89e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [13f8a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [13f92c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [13f9124] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [13f93a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [13f8f20] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe[2400] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [13f9534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [c293a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [c28f20] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [c292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [c29534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [c28a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [c28e2c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [c297f4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [c293f0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [c298a0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [c29124] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [c28ce4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [c28a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [c292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [c292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [c28f20] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [c29534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [c293a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [c28a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [c29124] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [c28ce4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [c293f0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [c298a0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [c28e2c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [c297f4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtOpenFile] [c28f20] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtDeviceIoControlFile] [c28ce4] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryVolumeInformationFile] [c293a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryInformationFile] [c292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [c292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [c293a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [c298a0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [c293f0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [c29534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [c28a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [c28a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [c292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [c29124] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [c293a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [c28f20] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [c29534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [c28a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [c292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [c29534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [c292c8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [c29534] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [c289e0] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [c293a8] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [c28a4c] IAT C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe[2428] @ C:\WINDOWS\SYSTEM32\Secur32.dll[ntdll.dll!NtClose] [c289e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [236831c93a8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [236831c8f20] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [236831c92c8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [236831c9534] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [236831c92c8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [236831c8f20] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [236831c9534] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [236831c93a8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [236831c8a4c] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [236831c9124] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [236831c8ce4] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [236831c93f0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [236831c98a0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [236831c8e2c] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [236831c97f4] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!ZwClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!NtSetInformationFile] [236831c9534] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [236831c93a8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [236831c98a0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [236831c93f0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [236831c9534] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [236831c92c8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [236831c92c8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [236831c9534] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [236831c8a4c] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [236831c92c8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [236831c9124] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [236831c93a8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [236831c8f20] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [236831c9534] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [236831c8a4c] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [236831c9534] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [236831c89e0] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [236831c93a8] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [236831c8a4c] IAT C:\WINDOWS\SysWoW64\esif_uf.exe[2512] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [236831c92c8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [4f8f20] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [4f9534] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [4f8e2c] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [4f97f4] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [4f93f0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [4f98a0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [4f9124] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [4f8ce4] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [4f8a4c] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [4f92c8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [4f8f20] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [4f9534] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [4f9124] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [4f8ce4] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [4f93f0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [4f98a0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [4f8e2c] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [4f97f4] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [4f9534] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [4f98a0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [4f93f0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [4f9534] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtOpenFile] [4f8f20] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtDeviceIoControlFile] [4f8ce4] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\Windows\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [4f9534] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\Windows\system32\WININET.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\Windows\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\Windows\system32\WININET.dll[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [4f9124] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [4f8f20] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [4f9534] IAT C:\Windows\system32\HPSIsvc.exe[2580] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [12f93a8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [12f8f20] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [12f89e0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [12f92c8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [12f9534] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [12f92c8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [12f8f20] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [12f9534] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [12f93a8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [12f8a4c] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [12f9124] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [12f89e0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [12f8ce4] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [12f89e0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [12f93f0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [12f98a0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [12f8e2c] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [12f97f4] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [12f93a8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [12f89e0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [12f98a0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [12f93f0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [12f9534] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [12f8a4c] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [12f9534] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [12f89e0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [12f93a8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [12f8a4c] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [12f92c8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [12f89e0] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [12f8a4c] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [12f92c8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [12f9124] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [12f93a8] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [12f8f20] IAT C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2776] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [12f9534] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [181571f93a8] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [181571f8f20] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [181571f89e0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [181571f92c8] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [181571f9534] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [181571f92c8] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [181571f8f20] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [181571f9534] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [181571f93a8] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [181571f8a4c] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [181571f9124] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [181571f89e0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [181571f8ce4] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [181571f89e0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [181571f93f0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [181571f98a0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [181571f8e2c] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [181571f97f4] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [181571f89e0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [181571f93a8] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [181571f89e0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [181571f98a0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [181571f93f0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [181571f9534] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [181571f89e0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [181571f8a4c] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [181571f92c8] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [181571f9124] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [181571f93a8] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [181571f8f20] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [181571f9534] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [181571f8a4c] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [181571f9534] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [181571f89e0] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [181571f93a8] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [181571f8a4c] IAT C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe[3000] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [181571f92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\Explorer.EXE[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [cf8e2c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [cf97f4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [cf93f0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [cf98a0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [cf9124] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [cf9124] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [cf93f0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [cf98a0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [cf8e2c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [cf97f4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [cf98a0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [cf93f0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SHCORE.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SHLWAPI.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [cf9124] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtWriteFile] [cf98a0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtReadFile] [cf93f0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\kernel.appcore.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\UxTheme.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\twinapi.appcore.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\bcrypt.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\cryptsp.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [cf98a0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\Windows\System32\CoreMessaging.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\Windows\System32\TOKENBINDING.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\Windows\System32\TOKENBINDING.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtQueryDirectoryFile] [cf9124] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\Windows\System32\TwinUI.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\Windows\System32\TwinUI.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\Windows\System32\thumbcache.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!NtReadFile] [cf93f0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!NtWriteFile] [cf98a0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!ZwQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!ZwCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\apphelp.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\ntshrui.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\cscapi.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\cscapi.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\cscapi.dll[ntdll.dll!NtQueryDirectoryFile] [cf9124] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\wpncore.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\cdp.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtQueryDirectoryFile] [cf9124] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\CRYPTBASE.dll[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\CRYPTBASE.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\CRYPTBASE.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\wpnprv.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\WINMM.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\Secur32.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\NSI.dll[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\provsvc.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\webio.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtReadFile] [cf93f0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\schannel.DLL[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\ncryptsslp.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\rsaenh.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\MFPlat.DLL[ntdll.dll!NtQueryVolumeInformationFile] [cf93a8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\MFPlat.DLL[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\resourcepolicyclient.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\stobject.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\WMICLNT.dll[ntdll.dll!NtCreateFile] [cf8a4c] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\WMICLNT.dll[ntdll.dll!NtDeviceIoControlFile] [cf8ce4] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\system32\WMICLNT.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\atlthunk.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\SYSTEM32\pcacli.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!ZwQueryInformationFile] [cf92c8] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtReadFile] [cf93f0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtOpenFile] [cf8f20] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!NtQueryDirectoryFile] [cf9124] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\sfc_os.dll[ntdll.dll!ZwClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\DEVRTL.dll[ntdll.dll!NtClose] [cf89e0] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\DEVRTL.dll[ntdll.dll!NtSetInformationFile] [cf9534] IAT C:\WINDOWS\Explorer.EXE[3312] @ C:\WINDOWS\System32\DEVRTL.dll[ntdll.dll!NtQueryInformationFile] [cf92c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [27663c49534] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [27663c48e2c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [27663c497f4] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [27663c493f0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [27663c498a0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [27663c49124] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [27663c48ce4] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [27663c49534] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [27663c49124] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [27663c48ce4] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [27663c493f0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [27663c498a0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [27663c48e2c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [27663c497f4] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [27663c498a0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [27663c493f0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [27663c49534] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!ZwClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\powrprof.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\kernel.appcore.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!ZwClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!NtSetInformationFile] [27663c49534] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtDeviceIoControlFile] [27663c48ce4] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\Windows\System32\bcrypt.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\shlwapi.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [27663c49124] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [27663c49534] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtSetInformationFile] [27663c49534] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\system32\windows.cortana.onecore.dll[ntdll.dll!ZwClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtSetInformationFile] [27663c49534] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\coml2.dll[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\ntshrui.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtQueryDirectoryFile] [27663c49124] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\SYSTEM32\ntmarta.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\Windows\System32\thumbcache.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtSetInformationFile] [27663c49534] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [27663c493a8] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtCreateFile] [27663c48a4c] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtClose] [27663c489e0] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtDeviceIoControlFile] [27663c48ce4] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtQueryDirectoryFile] [27663c49124] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\WS2_32.dll[ntdll.dll!NtOpenFile] [27663c48f20] IAT C:\Windows\System32\RuntimeBroker.exe[3884] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [27663c492c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [2646d7f93a8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [2646d7f8f20] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [2646d7f92c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [2646d7f9534] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [2646d7f8a4c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [2646d7f8e2c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [2646d7f97f4] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [2646d7f93f0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [2646d7f98a0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [2646d7f9124] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [2646d7f8ce4] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [2646d7f8a4c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [2646d7f92c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [2646d7f92c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [2646d7f8f20] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [2646d7f9534] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [2646d7f93a8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [2646d7f8a4c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [2646d7f9124] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [2646d7f8ce4] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [2646d7f93f0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [2646d7f98a0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [2646d7f8e2c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [2646d7f97f4] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [2646d7f92c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [2646d7f8f20] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtOpenFile] [2646d7f8f20] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtDeviceIoControlFile] [2646d7f8ce4] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryVolumeInformationFile] [2646d7f93a8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryInformationFile] [2646d7f92c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [2646d7f93a8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [2646d7f98a0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [2646d7f93f0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [2646d7f9534] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!ZwClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!NtSetInformationFile] [2646d7f9534] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [2646d7f8f20] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [2646d7f8a4c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [2646d7f8a4c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [2646d7f92c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [2646d7f9124] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [2646d7f93a8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [2646d7f8f20] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [2646d7f9534] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\shlwapi.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [2646d7f8a4c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtDeviceIoControlFile] [2646d7f8ce4] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\system32\bcrypt.dll[ntdll.dll!NtOpenFile] [2646d7f8f20] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [2646d7f98a0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [2646d7f8a4c] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [2646d7f92c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [2646d7f9534] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [2646d7f92c8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [2646d7f9534] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [2646d7f89e0] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [2646d7f93a8] IAT C:\WINDOWS\system32\igfxEM.exe[4016] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [2646d7f8a4c] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [282924193a8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [28292418f20] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [282924192c8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [28292419534] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [282924192c8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [28292418f20] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [28292419534] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [282924193a8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [28292418a4c] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [28292419124] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [28292418ce4] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [282924193f0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [282924198a0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [28292418e2c] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [282924197f4] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [282924193a8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [282924198a0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [282924193f0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [28292419534] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [28292418f20] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [28292418a4c] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [282924198a0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [28292418a4c] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [28292419534] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [282924193a8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [28292418a4c] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [282924192c8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [282924189e0] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [28292418a4c] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [282924192c8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [28292419124] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [282924193a8] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [28292418f20] IAT C:\WINDOWS\system32\igfxHK.exe[4080] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [28292419534] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [16dfb4593a8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [16dfb458f20] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [16dfb4592c8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [16dfb459534] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [16dfb458a4c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [16dfb458e2c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [16dfb4597f4] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [16dfb4593f0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [16dfb4598a0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [16dfb459124] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [16dfb458ce4] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [16dfb458a4c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [16dfb4592c8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [16dfb4592c8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [16dfb458f20] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [16dfb459534] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [16dfb4593a8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [16dfb458a4c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [16dfb459124] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [16dfb458ce4] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [16dfb4593f0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [16dfb4598a0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [16dfb458e2c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [16dfb4597f4] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [16dfb4592c8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [16dfb458f20] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtOpenFile] [16dfb458f20] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtDeviceIoControlFile] [16dfb458ce4] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryVolumeInformationFile] [16dfb4593a8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryInformationFile] [16dfb4592c8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [16dfb4593a8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [16dfb4598a0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [16dfb4593f0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [16dfb459534] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!ZwClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\ole32.dll[ntdll.dll!NtSetInformationFile] [16dfb459534] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [16dfb458a4c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [16dfb458a4c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [16dfb4592c8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [16dfb459124] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [16dfb4593a8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [16dfb458f20] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [16dfb459534] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\shlwapi.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [16dfb458a4c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [16dfb4598a0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [16dfb458a4c] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [16dfb4592c8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [16dfb459534] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [16dfb4592c8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [16dfb459534] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [16dfb4589e0] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [16dfb4593a8] IAT C:\WINDOWS\system32\igfxTray.exe[2964] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [16dfb458a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [19a0cad93a8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [19a0cad8f20] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [19a0cad92c8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [19a0cad9534] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [19a0cad8a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [19a0cad8e2c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [19a0cad97f4] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [19a0cad93f0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [19a0cad98a0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [19a0cad9124] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [19a0cad8ce4] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [19a0cad8a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [19a0cad92c8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [19a0cad92c8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [19a0cad8f20] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [19a0cad9534] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [19a0cad93a8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [19a0cad8a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [19a0cad9124] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [19a0cad8ce4] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [19a0cad93f0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [19a0cad98a0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [19a0cad8e2c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [19a0cad97f4] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [19a0cad93a8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [19a0cad98a0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [19a0cad93f0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [19a0cad9534] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [19a0cad8f20] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [19a0cad92c8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\PlaySndSrv.dll[ntdll.dll!NtCreateFile] [19a0cad8a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [19a0cad98a0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [19a0cad8a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\wininet.dll[ntdll.dll!NtSetInformationFile] [19a0cad9534] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\wininet.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\wininet.dll[ntdll.dll!NtQueryVolumeInformationFile] [19a0cad93a8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\wininet.dll[ntdll.dll!NtCreateFile] [19a0cad8a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [19a0cad8a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\CoreMessaging.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\WINMM.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [19a0cad8a4c] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [19a0cad92c8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [19a0cad9124] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [19a0cad93a8] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [19a0cad8f20] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [19a0cad9534] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\CRYPTBASE.DLL[ntdll.dll!NtDeviceIoControlFile] [19a0cad8ce4] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\CRYPTBASE.DLL[ntdll.dll!NtOpenFile] [19a0cad8f20] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\system32\CRYPTBASE.DLL[ntdll.dll!NtClose] [19a0cad89e0] IAT C:\WINDOWS\system32\taskhostw.exe[4460] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [19a0cad92c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [6593a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [658f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [6589e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [6592c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [659534] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [658a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [658e2c] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [6597f4] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [6593f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [6598a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [659124] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [658ce4] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [6589e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [658a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [6592c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [6592c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [658f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [659534] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [6593a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [658a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [659124] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [6589e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [658ce4] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [6589e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [6593f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [6598a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [658e2c] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [6597f4] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [6589e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [6598a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [6593f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [659534] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [6589e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [6598a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [658a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[5976] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [6589e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [7893a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [788f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [7892c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [789534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [788a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [788e2c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [7897f4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [7893f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [7898a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [789124] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [788ce4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [788a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [7892c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [7892c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [788f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [789534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [7893a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [788a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [789124] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [788ce4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [7893f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [7898a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [788e2c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [7897f4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [7892c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [789534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [7893a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [7898a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [7893f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [789534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [788a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [788a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [7892c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [789124] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [7893a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [788f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [789534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtOpenFile] [788f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtDeviceIoControlFile] [788ce4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtQueryVolumeInformationFile] [7893a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtQueryInformationFile] [7892c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [7898a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [788a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [7892c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\system32\audioeng.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [789534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [7889e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [7893a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[804] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [788a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [7d93a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [7d8f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [7d92c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [7d9534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [7d8a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [7d8e2c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [7d97f4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [7d93f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [7d98a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [7d9124] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [7d8ce4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [7d8a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [7d92c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [7d92c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [7d8f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [7d9534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [7d93a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [7d8a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [7d9124] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [7d8ce4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [7d93f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [7d98a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [7d8e2c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [7d97f4] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [7d92c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [7d9534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [7d8a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [7d93a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [7d98a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [7d93f0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [7d9534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [7d92c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [7d8f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [7d8a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [7d8a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [7d92c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [7d9124] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [7d93a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [7d8f20] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [7d9534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [7d98a0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [7d8a4c] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [7d92c8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\system32\audioeng.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [7d9534] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [7d89e0] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [7d93a8] IAT C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[452] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [7d8a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [1bfeec993a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [1bfeec98f20] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [1bfeec99534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [1bfeec98a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [1bfeec98e2c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [1bfeec997f4] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [1bfeec993f0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [1bfeec998a0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [1bfeec99124] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [1bfeec98ce4] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [1bfeec98a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [1bfeec98f20] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [1bfeec99534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [1bfeec993a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [1bfeec98a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [1bfeec99124] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [1bfeec98ce4] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [1bfeec993f0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [1bfeec998a0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [1bfeec98e2c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [1bfeec997f4] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtOpenFile] [1bfeec98f20] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtDeviceIoControlFile] [1bfeec98ce4] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryVolumeInformationFile] [1bfeec993a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\ADVAPI32.dll[ntdll.dll!NtQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [1bfeec993a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [1bfeec998a0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [1bfeec993f0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [1bfeec99534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\cfgmgr32.dll[ntdll.dll!NtCreateFile] [1bfeec98a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [1bfeec98a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [1bfeec99124] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [1bfeec993a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [1bfeec98f20] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [1bfeec99534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [1bfeec98a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtSetInformationFile] [1bfeec99534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\SETUPAPI.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [1bfeec998a0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [1bfeec98a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtQueryInformationFile] [1bfeec992c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtDeviceIoControlFile] [1bfeec98ce4] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtSetInformationFile] [1bfeec99534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtCreateFile] [1bfeec98a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\system32\mswsock.dll[ntdll.dll!NtReadFile] [1bfeec993f0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [1bfeec99534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [1bfeec989e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [1bfeec993a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe[6196] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [1bfeec98a4c] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [4f8f20] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [4f89e0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [4f9534] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [4f8e2c] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [4f97f4] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [4f93f0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [4f98a0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [4f9124] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [4f8ce4] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [4f89e0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [4f8a4c] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [4f92c8] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [4f8f20] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [4f9534] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [4f9124] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [4f89e0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [4f8ce4] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [4f93f0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [4f98a0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [4f8e2c] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [4f97f4] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [4f8f20] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtOpenFile] [4f8f20] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtDeviceIoControlFile] [4f8ce4] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtQueryVolumeInformationFile] [4f93a8] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\advapi32.dll[ntdll.dll!NtQueryInformationFile] [4f92c8] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\system32\uxtheme.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [4f98a0] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [4f8a4c] IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1424] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [4f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [7f93a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [7f8f20] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [7f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [7f92c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [7f9534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [7f92c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [7f8f20] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [7f9534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [7f93a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [7f8a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [7f9124] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [7f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [7f8ce4] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [7f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [7f93f0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [7f98a0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [7f8e2c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [7f97f4] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [7f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [7f93a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [7f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [7f98a0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [7f93f0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [7f9534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [7f98a0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [7f8a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [7f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [7f9534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [7f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [7f93a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [7f8a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [7f92c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [7f89e0] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [7f8a4c] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [7f92c8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [7f9124] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [7f93a8] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [7f8f20] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [7f9534] IAT C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe[7180] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [7f8a4c] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [190ea5d93a8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [190ea5d8f20] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [190ea5d89e0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [190ea5d92c8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [190ea5d9534] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [190ea5d92c8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [190ea5d8f20] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [190ea5d9534] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [190ea5d93a8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [190ea5d8a4c] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [190ea5d9124] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [190ea5d89e0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [190ea5d8ce4] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [190ea5d89e0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [190ea5d93f0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [190ea5d98a0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [190ea5d8e2c] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [190ea5d97f4] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [190ea5d89e0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [190ea5d93a8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [190ea5d89e0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [190ea5d98a0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [190ea5d93f0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [190ea5d9534] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [190ea5d98a0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [190ea5d8a4c] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [190ea5d89e0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtSetInformationFile] [190ea5d9534] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtClose] [190ea5d89e0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [190ea5d93a8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\SYSTEM32\WININET.dll[ntdll.dll!NtCreateFile] [190ea5d8a4c] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [190ea5d92c8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [190ea5d89e0] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [190ea5d8a4c] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [190ea5d92c8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [190ea5d9124] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [190ea5d93a8] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [190ea5d8f20] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [190ea5d9534] IAT C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7388] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [190ea5d8a4c] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [237e7f393a8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [237e7f38f20] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [237e7f392c8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [237e7f39534] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [237e7f392c8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [237e7f38f20] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [237e7f39534] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [237e7f393a8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [237e7f38a4c] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [237e7f39124] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [237e7f38ce4] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [237e7f393f0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [237e7f398a0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [237e7f38e2c] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [237e7f397f4] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\SYSTEM32\ConhostV2.dll[ntdll.dll!NtClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\SYSTEM32\ConhostV2.dll[ntdll.dll!NtDeviceIoControlFile] [237e7f38ce4] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [237e7f393a8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [237e7f398a0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [237e7f393f0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [237e7f39534] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [237e7f392c8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [237e7f38f20] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [237e7f38a4c] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [237e7f38a4c] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [237e7f392c8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [237e7f39124] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [237e7f393a8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [237e7f38f20] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [237e7f39534] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [237e7f39534] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [237e7f389e0] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [237e7f393a8] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [237e7f38a4c] IAT C:\WINDOWS\system32\conhost.exe[5140] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [237e7f392c8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [26713d593a8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [26713d58f20] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [26713d589e0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [26713d592c8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [26713d59534] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [26713d58a4c] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [26713d58e2c] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [26713d597f4] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [26713d593f0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [26713d598a0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [26713d59124] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [26713d58ce4] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [26713d589e0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [26713d58a4c] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [26713d592c8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [26713d592c8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [26713d58f20] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [26713d59534] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [26713d593a8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [26713d58a4c] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [26713d59124] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [26713d589e0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [26713d58ce4] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [26713d589e0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [26713d593f0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [26713d598a0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [26713d58e2c] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [26713d597f4] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [26713d593a8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [26713d589e0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [26713d598a0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [26713d593f0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [26713d59534] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [26713d589e0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [26713d58f20] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [26713d58a4c] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [26713d589e0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [26713d58a4c] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [26713d592c8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [26713d59124] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [26713d593a8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [26713d58f20] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [26713d59534] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtSetInformationFile] [26713d59534] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtClose] [26713d589e0] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [26713d593a8] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtCreateFile] [26713d58a4c] IAT C:\Windows\System32\InstallAgent.exe[8508] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [26713d592c8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [1ace3d593a8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [1ace3d58f20] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [1ace3d589e0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [1ace3d592c8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [1ace3d59534] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [1ace3d592c8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [1ace3d58f20] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [1ace3d59534] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [1ace3d593a8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [1ace3d58a4c] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [1ace3d59124] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [1ace3d589e0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [1ace3d58ce4] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [1ace3d589e0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [1ace3d593f0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [1ace3d598a0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [1ace3d58e2c] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [1ace3d597f4] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [1ace3d593a8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [1ace3d589e0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [1ace3d598a0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [1ace3d593f0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [1ace3d59534] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [1ace3d58a4c] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtSetInformationFile] [1ace3d59534] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtClose] [1ace3d589e0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [1ace3d593a8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\Windows\System32\WININET.dll[ntdll.dll!NtCreateFile] [1ace3d58a4c] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [1ace3d592c8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [1ace3d589e0] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [1ace3d58a4c] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [1ace3d592c8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [1ace3d59124] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [1ace3d593a8] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [1ace3d58f20] IAT C:\Windows\System32\InstallAgentUserBroker.exe[8560] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [1ace3d59534] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [2b457fd93a8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [2b457fd8f20] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [2b457fd92c8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [2b457fd9534] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [2b457fd8a4c] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [2b457fd8e2c] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [2b457fd97f4] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [2b457fd93f0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [2b457fd98a0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [2b457fd9124] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [2b457fd8ce4] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [2b457fd8a4c] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [2b457fd92c8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [2b457fd92c8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [2b457fd8f20] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [2b457fd9534] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [2b457fd93a8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [2b457fd8a4c] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [2b457fd9124] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [2b457fd8ce4] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [2b457fd93f0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [2b457fd98a0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [2b457fd8e2c] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [2b457fd97f4] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [2b457fd93a8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [2b457fd98a0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [2b457fd93f0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [2b457fd9534] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [2b457fd8f20] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\kernel.appcore.dll[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [2b457fd92c8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\user32.dll[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [2b457fd8a4c] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [2b457fd92c8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [2b457fd9124] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [2b457fd93a8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [2b457fd8f20] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [2b457fd9534] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\shcore.dll[ntdll.dll!NtCreateFile] [2b457fd8a4c] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\system32\CRYPTBASE.DLL[ntdll.dll!NtDeviceIoControlFile] [2b457fd8ce4] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\system32\CRYPTBASE.DLL[ntdll.dll!NtOpenFile] [2b457fd8f20] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\system32\CRYPTBASE.DLL[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [2b457fd9534] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [2b457fd89e0] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [2b457fd93a8] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [2b457fd8a4c] IAT C:\WINDOWS\system32\DllHost.exe[7144] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [2b457fd92c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryVolumeInformationFile] [23e47f193a8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtOpenFile] [23e47f18f20] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryInformationFile] [23e47f192c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtSetInformationFile] [23e47f19534] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtCreateFile] [23e47f18a4c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtLockFile] [23e47f18e2c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtUnlockFile] [23e47f197f4] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtReadFile] [23e47f193f0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtWriteFile] [23e47f198a0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtQueryDirectoryFile] [23e47f19124] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!NtDeviceIoControlFile] [23e47f18ce4] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwCreateFile] [23e47f18a4c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNEL32.DLL[ntdll.dll!ZwQueryInformationFile] [23e47f192c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryInformationFile] [23e47f192c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtOpenFile] [23e47f18f20] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtSetInformationFile] [23e47f19534] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryVolumeInformationFile] [23e47f193a8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtCreateFile] [23e47f18a4c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtQueryDirectoryFile] [23e47f19124] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!ZwClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtDeviceIoControlFile] [23e47f18ce4] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtReadFile] [23e47f193f0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtWriteFile] [23e47f198a0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtLockFile] [23e47f18e2c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\KERNELBASE.dll[ntdll.dll!NtUnlockFile] [23e47f197f4] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtQueryVolumeInformationFile] [23e47f193a8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtWriteFile] [23e47f198a0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtReadFile] [23e47f193f0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\RPCRT4.dll[ntdll.dll!NtSetInformationFile] [23e47f19534] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\bcryptPrimitives.dll[ntdll.dll!NtOpenFile] [23e47f18f20] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\kernel.appcore.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\SHCORE.dll[ntdll.dll!NtCreateFile] [23e47f18a4c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtQueryInformationFile] [23e47f192c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtOpenFile] [23e47f18f20] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\gdi32full.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\USER32.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\sechost.dll[ntdll.dll!NtQueryInformationFile] [23e47f192c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\twinapi.appcore.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\UxTheme.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\CRYPT32.dll[ntdll.dll!NtQueryInformationFile] [23e47f192c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\bcrypt.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\bcrypt.dll[ntdll.dll!NtDeviceIoControlFile] [23e47f18ce4] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\bcrypt.dll[ntdll.dll!NtOpenFile] [23e47f18f20] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtWriteFile] [23e47f198a0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtCreateFile] [23e47f18a4c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\MSCTF.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtQueryVolumeInformationFile] [23e47f193a8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtOpenFile] [23e47f18f20] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtSetInformationFile] [23e47f19534] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtCreateFile] [23e47f18a4c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\SHELL32.dll[ntdll.dll!NtQueryInformationFile] [23e47f192c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtCreateFile] [23e47f18a4c] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryInformationFile] [23e47f192c8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryDirectoryFile] [23e47f19124] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtQueryVolumeInformationFile] [23e47f193a8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtOpenFile] [23e47f18f20] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\System32\windows.storage.dll[ntdll.dll!NtSetInformationFile] [23e47f19534] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtSetInformationFile] [23e47f19534] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtClose] [23e47f189e0] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtQueryVolumeInformationFile] [23e47f193a8] IAT C:\WINDOWS\system32\ApplicationFrameHost.exe[5748] @ C:\WINDOWS\system32\WININET.dll[ntdll.dll!NtCreateFile] [23e47f18a4c] ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [672:696] ffffc5d25e136c20 Thread C:\WINDOWS\system32\svchost.exe [860:4268] 000001f9c61091bc Thread C:\WINDOWS\system32\svchost.exe [860:2612] 000001f9c6106624 Thread C:\WINDOWS\system32\svchost.exe [860:3288] 000001f9c6118514 Thread C:\WINDOWS\system32\svchost.exe [860:3292] 000001f9c61181cc Thread C:\WINDOWS\system32\svchost.exe [860:5376] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:5280] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:5792] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7356] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8004] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:6404] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:332] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:1236] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:5100] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7444] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7404] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7408] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:3408] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7836] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7188] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:1576] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:2336] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:220] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7788] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7220] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:1744] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7464] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:3772] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:4148] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7948] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7328] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8196] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8268] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8328] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8364] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8952] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:9036] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:9052] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:9056] 000001f9c610c6a8 Thread C:\WINDOWS\system32\svchost.exe [860:9060] 000001f9c612ea8c Thread C:\WINDOWS\system32\svchost.exe [860:9064] 000001f9c612e5a0 Thread C:\WINDOWS\system32\svchost.exe [860:9068] 000001f9c6107574 Thread C:\WINDOWS\system32\svchost.exe [860:9072] 000001f9c613aeac Thread C:\WINDOWS\system32\svchost.exe [860:9108] 000001f9c611f334 Thread C:\WINDOWS\system32\svchost.exe [860:9156] 000001f9c611f654 Thread C:\WINDOWS\system32\svchost.exe [860:8228] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:5868] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:2196] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:972] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7932] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8124] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:444] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:1572] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7300] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:6024] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8804] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7824] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8780] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7376] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:5460] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:6908] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:6400] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:7108] 000001f9c6117f18 Thread C:\WINDOWS\system32\svchost.exe [860:8600] 000001f9c6117f18 Thread C:\WINDOWS\system32\dwm.exe [68:2500] 000001d914e9f56c Thread C:\WINDOWS\system32\dwm.exe [68:6256] 000001d914e92d9c Thread C:\WINDOWS\system32\dwm.exe [68:7448] 000001d914ea0cc4 Thread C:\WINDOWS\system32\dwm.exe [68:5328] 000001d914e9ed18 Thread C:\WINDOWS\system32\svchost.exe [576:7964] 0000022ca21099cc Thread C:\WINDOWS\system32\svchost.exe [576:5848] 0000022ca21091bc Thread C:\WINDOWS\system32\svchost.exe [464:8292] 000002004c5d91bc Thread C:\Windows\System32\WUDFHost.exe [1140:6220] 000001b31f29f56c Thread C:\Windows\System32\WUDFHost.exe [1140:6212] 000001b31f292d9c Thread C:\Windows\System32\WUDFHost.exe [1140:6248] 000001b31f2a0cc4 Thread C:\Windows\System32\WUDFHost.exe [1140:7504] 000001b31f29ed18 Thread C:\WINDOWS\system32\svchost.exe [1680:8400] 0000029e06b091bc Thread C:\WINDOWS\System32\spoolsv.exe [1800:7840] 0000000001eaf56c Thread C:\WINDOWS\System32\spoolsv.exe [1800:5720] 0000000001ea2d9c Thread C:\WINDOWS\System32\spoolsv.exe [1800:7784] 0000000001eb0cc4 Thread C:\WINDOWS\System32\spoolsv.exe [1800:7796] 0000000001eaed18 Thread C:\WINDOWS\system32\dashost.exe [1964:760] 00000244a730f56c Thread C:\WINDOWS\system32\dashost.exe [1964:904] 00000244a7302d9c Thread C:\WINDOWS\system32\dashost.exe [1964:8056] 00000244a7310cc4 Thread C:\WINDOWS\system32\dashost.exe [1964:8156] 00000244a730ed18 Thread C:\Windows\System32\WUDFHost.exe [1972:6424] 00000255a673f56c Thread C:\Windows\System32\WUDFHost.exe [1972:3992] 00000255a6732d9c Thread C:\Windows\System32\WUDFHost.exe [1972:7352] 00000255a6740cc4 Thread C:\Windows\System32\WUDFHost.exe [1972:8052] 00000255a673ed18 Thread C:\WINDOWS\system32\sihost.exe [2236:7216] 0000021792fbf56c Thread C:\WINDOWS\system32\sihost.exe [2236:1812] 0000021792fb2d9c Thread C:\WINDOWS\system32\sihost.exe [2236:4856] 0000021792fc0cc4 Thread C:\WINDOWS\system32\sihost.exe [2236:2672] 0000021792fbed18 Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2304:7488] 000000000091f56c Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2304:7576] 0000000000912d9c Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2304:5160] 0000000000920cc4 Thread C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2304:3576] 000000000091ed18 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2664:5784] 0000000000169bcf Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2664:7528] 00000000001607a2 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2664:6068] 000000000016acea Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2664:5832] 000000000016943d Thread C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2764:788] 0000000000d69bcf Thread C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2764:736] 0000000000d607a2 Thread C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2764:792] 0000000000d6acea Thread C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2764:420] 0000000000d6943d Thread C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2776:1000] 00000000012ef56c Thread C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2776:7608] 00000000012e2d9c Thread C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2776:1344] 00000000012f0cc4 Thread C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2776:8092] 00000000012eed18 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.BIZNESMENPRO\MSSQL\Binn\sqlservr.exe [2824:8372] 000000000f619bcf Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.BIZNESMENPRO\MSSQL\Binn\sqlservr.exe [2824:8376] 000000000f6107a2 Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.BIZNESMENPRO\MSSQL\Binn\sqlservr.exe [2824:8380] 000000000f61acea Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.BIZNESMENPRO\MSSQL\Binn\sqlservr.exe [2824:8396] 000000000f61943d Thread C:\WINDOWS\Explorer.EXE [3312:5148] 0000000000cef56c Thread C:\WINDOWS\Explorer.EXE [3312:3296] 0000000000ce2d9c Thread C:\WINDOWS\Explorer.EXE [3312:4400] 0000000000cf0cc4 Thread C:\WINDOWS\Explorer.EXE [3312:3904] 0000000000ceed18 Thread C:\Windows\System32\RuntimeBroker.exe [3884:8212] 0000027663c3f56c Thread C:\Windows\System32\RuntimeBroker.exe [3884:8216] 0000027663c32d9c Thread C:\Windows\System32\RuntimeBroker.exe [3884:8220] 0000027663c40cc4 Thread C:\Windows\System32\RuntimeBroker.exe [3884:8224] 0000027663c3ed18 Thread C:\WINDOWS\system32\taskhostw.exe [4460:7752] 0000019a0cacf56c Thread C:\WINDOWS\system32\taskhostw.exe [4460:3496] 0000019a0cac2d9c Thread C:\WINDOWS\system32\taskhostw.exe [4460:7524] 0000019a0cad0cc4 Thread C:\WINDOWS\system32\taskhostw.exe [4460:8120] 0000019a0caced18 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [4584:8336] 0000021b7b64f56c Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [4584:8340] 0000021b7b642d9c Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [4584:8344] 0000021b7b650cc4 Thread C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [4584:8356] 0000021b7b64ed18 Thread C:\WINDOWS\system32\SearchIndexer.exe [4624:8276] 0000024925f6f56c Thread C:\WINDOWS\system32\SearchIndexer.exe [4624:8280] 0000024925f62d9c Thread C:\WINDOWS\system32\SearchIndexer.exe [4624:8284] 0000024925f70cc4 Thread C:\WINDOWS\system32\SearchIndexer.exe [4624:8288] 0000024925f6ed18 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1280:6548] 000001fbae81f56c Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1280:6540] 000001fbae812d9c Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1280:6564] 000001fbae820cc4 Thread C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [1280:6568] 000001fbae81ed18 Thread C:\Windows\System32\smartscreen.exe [7044:9080] 00000193865af56c Thread C:\Windows\System32\smartscreen.exe [7044:9084] 00000193865a2d9c Thread C:\Windows\System32\smartscreen.exe [7044:9088] 00000193865b0cc4 Thread C:\Windows\System32\smartscreen.exe [7044:9092] 00000193865aed18 Thread C:\WINDOWS\system32\wbem\wmiprvse.exe [7452:7944] 000001d0a2e5f56c Thread C:\WINDOWS\system32\wbem\wmiprvse.exe [7452:7308] 000001d0a2e52d9c Thread C:\WINDOWS\system32\wbem\wmiprvse.exe [7452:7732] 000001d0a2e60cc4 Thread C:\WINDOWS\system32\wbem\wmiprvse.exe [7452:6464] 000001d0a2e5ed18 Thread C:\WINDOWS\system32\conhost.exe [5140:7264] 00000237e7f2f56c Thread C:\WINDOWS\system32\conhost.exe [5140:7240] 00000237e7f22d9c Thread C:\WINDOWS\system32\conhost.exe [5140:7232] 00000237e7f30cc4 Thread C:\WINDOWS\system32\conhost.exe [5140:7380] 00000237e7f2ed18 Thread C:\Windows\System32\InstallAgent.exe [8508:8172] 0000026713d4f56c Thread C:\Windows\System32\InstallAgent.exe [8508:7256] 0000026713d42d9c Thread C:\Windows\System32\InstallAgent.exe [8508:6344] 0000026713d50cc4 Thread C:\Windows\System32\InstallAgent.exe [8508:8788] 0000026713d4ed18 Thread C:\Windows\System32\InstallAgentUserBroker.exe [8560:8772] 000001ace3d4f56c Thread C:\Windows\System32\InstallAgentUserBroker.exe [8560:8848] 000001ace3d42d9c Thread C:\Windows\System32\InstallAgentUserBroker.exe [8560:8836] 000001ace3d50cc4 Thread C:\Windows\System32\InstallAgentUserBroker.exe [8560:9020] 000001ace3d4ed18 Thread C:\WINDOWS\system32\DllHost.exe [7144:9048] 000002b457fcf56c Thread C:\WINDOWS\system32\DllHost.exe [7144:6916] 000002b457fc2d9c Thread C:\WINDOWS\system32\DllHost.exe [7144:2600] 000002b457fd0cc4 Thread C:\WINDOWS\system32\DllHost.exe [7144:6920] 000002b457fced18 Thread C:\WINDOWS\system32\ApplicationFrameHost.exe [5748:7492] 0000023e47f0f56c Thread C:\WINDOWS\system32\ApplicationFrameHost.exe [5748:7172] 0000023e47f02d9c Thread C:\WINDOWS\system32\ApplicationFrameHost.exe [5748:6176] 0000023e47f10cc4 Thread C:\WINDOWS\system32\ApplicationFrameHost.exe [5748:6684] 0000023e47f0ed18 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7852:7940] 000001e7f144f56c Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7852:8352] 000001e7f1442d9c Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7852:7224] 000001e7f1450cc4 Thread C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe [7852:3584] 000001e7f144ed18 Thread C:\WINDOWS\system32\DllHost.exe [1940:7500] 0000025bc1f425bc Thread C:\WINDOWS\system32\DllHost.exe [2884:5324] 000001756d5e25bc ---- Processes - GMER 2.2 ---- Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ff6cada0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\VCRUNTIME140.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc3a3f0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\MSVCP140.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc3a350000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc3a270000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mso20win32client.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc39e80000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mso30win32client.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc39880000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mso40uiwin32client.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc38fa0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc34900000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvApi.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc34800000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVPOLICY.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc346c0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\MSVCP120.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc34610000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\MSVCR120.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc34520000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVOrchestration.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc34430000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvStreamingManager.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc343f0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVMANIFEST.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc342c0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVCatalog.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc34210000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvVirtualization.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc34180000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIntegration.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc33f70000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVIsvSubsystemController.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc33d10000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\APPVFILESYSTEMMETADATA.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2384] 00007ffc33be0000 Library C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3312] 00007ffc446f0000 Library C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\MSVCP140.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3312] 00007ffc45190000 Library C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\VCRUNTIME140.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3312] 00007ffc45230000 Library C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1045\GrooveIntlResource.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3312] 0000000008b60000 Library C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3312] 00007ffc28210000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8724] 00007ff6cada0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\VCRUNTIME140.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8724] 00007ffc3a3f0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\MSVCP140.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8724] 00007ffc3a350000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8724] 00007ffc3a270000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mso20win32client.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8724] 00007ffc39e80000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mso30win32client.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8724] 00007ffc39880000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mso40uiwin32client.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8724] 00007ffc38fa0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.pl-pl.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8724] 00007ffc294f0000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe [2976] 00007ff67c920000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\MSVCP120.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe [2976] 00007ffc34610000 Library C:\Program Files\Common Files\Microsoft Shared\ClickToRun\MSVCR120.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe [2976] 00007ffc34520000 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OfficeODC $UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsd?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\LocalCacheFileEditManager\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.*?$UserProfile$\Local Settings\Application Data\Office\16.0\OfficeFileCache\*.*?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsf?$UserProfile$\AppData\Local\Microsoft\Office\16.0\OfficeFileCache\*.fsd?$UserProfile$\Local Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OutlookOST $UserProfile$\AppData\Local\Microsoft\Outlook\*.ost? Reg HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot@OutlookOAB $UserProfile$\AppData\Local\Microsoft\Outlook\*.oab? Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xB0 0xC6 0xC3 0x39 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x21 0x73 0x9A 0x49 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x5F 0x29 0xC6 0x39 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x21 0x73 0x9A 0x49 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 26 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\LGD04680_00_07DE_B3^FEB763481A6B0B17D74C28BDD1579FD6@Timestamp 0xBA 0xEF 0x0B 0x3A ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 768 Reg HKLM\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings@StringCacheGeneration 124 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Dependent Files SendToOneNote-manifest.ini?SendToOneNote-pipelineconfig.xml?SendToOneNoteNames.gpd?SendToOneNoteFilter.dll?ntprint|UNIRES.DLL?ntprint|STDNAMES.GPD?ntprint|MSXPSINC.GPD? Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Configuration File Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Data File SendToOneNote.gpd Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Driver Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Help File Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Monitor Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Datatype Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Previous Names ? Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Version 4 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@TempDir 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Attributes 2 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Manufacturer Microsoft Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@OEM URL Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@HardwareID {3ee39114-30b4-45a4-a109-19d4a40fcc22} Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Provider Microsoft Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Print Processor Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@VendorSetup Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@ColorProfiles ? Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@Base Driver Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@PrinterDriverID {3EE39114-30B4-45A4-A109-19D4A40FCC22} Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@App Registration ? Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@InfPath C:\WINDOWS\System32\DriverStore\FileRepository\prnms006.inf_amd64_2f92130612032712\prnms006.inf Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@PrinterDriverAttributes 259 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@LastServicedBuild 14393 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@CoreDependencies ? Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@DriverDate 04/29/2013 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@DriverVersion 16.0.1626.4000 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@MinInboxDriverVerDate 01/01/1601 Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-4\Send to Microsoft OneNote 16 Driver@MinInboxDriverVerVersion 0.0.0.0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\WINDOWS\TEMP\OfficeTempE248B544-EF53-45E7-9FDF-4A7BC141360A\msvcp140.dll.ec35bae.bak??\??\C:\WINDOWS\TEMP\OfficeTempE248B544-EF53-45E7-9FDF-4A7BC141360A\msoshext.dll.d48f3d9.bak??\??\C:\WINDOWS\TEMP\OfficeTempE248B544-EF53-45E7-9FDF-4A7BC141360A\vcruntime140.dll.4af8b77.bak??\??\C:\WINDOWS\TEMP\OfficeTempE248B544-EF53-45E7-9FDF-4A7BC141360A\office.odf.b6e782d.bak??\??\C:\WINDOWS\TEMP\OfficeTempE248B544-EF53-45E7-9FDF-4A7BC141360A\grooveex.dll.bak??\??\C:\WINDOWS\TEMP\OfficeTempE248B544-EF53-45E7-9FDF-4A7BC141360A\grooveintlresource.dll.bak??\??\C:\WINDOWS\system32\spool\V4Dirs\D2433986-3F2A-4E99-B053-5568E825C305\94766af2.BUD??\??\C:\WINDOWS\system32\spool\V4Dirs\D2433986-3F2A-4E99-B053-5568E825C305\94766af2.gpd??\??\C:\WINDOWS\system32\spool\V4Dirs\D2433986-3F2A-4E99-B053-5568E825C305??\??\C:\WINDOWS\TEMP\ose00000.exe??\??\C:\WINDOWS\TEMP\mso40uiwin32client.dll.bak??\??\C:\WINDOWS\TEMP\ApiClient.dll.bak??\??\C:\WINDOWS\TEMP\vcruntime140.dll.bak??\??\C:\WINDOWS\TEMP\C2RUI.pl-pl.dll.bak??\??\C:\WINDOWS Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@AllowProtectedRenames 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 2710535 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 257039580 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 32 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 489783718 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 3566 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3568 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 51f54128-b25d-40f0-a621-3919d77 Reg HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName \BaseNamedObjects\WDI_{7be9cc7e-0309-4e5a-8eb8-0e7bb6693043} Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS2ffd7114-0728-4870-8145-62dc078c5b7d Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\4cbb58ccf216 Reg HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc@Type 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc@ImagePath "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc@DisplayName Us?uga Szybka instalacja pakietu Microsoft Office Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc@Description ?Zarz?dza koordynacj? zasob?w, pobieraniem w tle i integracj? systemu produkt?w Microsoft Office i ich pokrewnych aktualizacji. Uruchomienie tej us?ugi jest wymagane w czasie korzystania z program?w pakietu Microsoft Office, podczas pocz?tkowej instalacji strumieniowej i w czasie wszystkich kolejnych aktualizacji.? Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc@FailureActions 0x80 0x51 0x01 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\ClickToRunSvc Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{e0d9615f-90c2-4545-bf70-3d2b4864d7f7}@LastProbeTime 1479849367 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft Office 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft Office 16@EventMessageFile C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSORES.DLL;C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Microsoft Office 16@TypesSupported 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSSOAP Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSSOAP@TypesSupported 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSSOAP@CategoryCount 4 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSSOAP@EventMessageFile C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSSOAP30.DLL Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\MSSOAP@CategoryMessageFile C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSSOAP30.DLL Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Outlook Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Outlook@EventMessageFile C:\Program Files (x86)\Microsoft Office\root\Office16\1045\MAPIR.DLL Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Outlook@Version 13 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Outlook@TypesSupported 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VSTO 4.0 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VSTO 4.0@EventMessageFile C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\VSTO 4.0@TypesSupported 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts@DisplayNameFile C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\OFFREL.DLL Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts@DisplayNameID 102 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts@MaxSize 131072 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts@PrimaryModule OAlerts Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts@Retention 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 16 Alerts Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 16 Alerts@EventMessageFile C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\OFFREL.DLL Reg HKLM\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\Microsoft Office 16 Alerts@TypesSupported 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DDC626F7-3A25-4245-AFF8-9661FA32C227}@InterfaceName Reusable ISATAP Interface {DDC626F7-3A25-4245-AFF8-9661FA32C227} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{DDC626F7-3A25-4245-AFF8-9661FA32C227}@ReusableType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\02-1a-11-f7-af-5c@AddressCreationTimestamp 0x91 0x38 0x45 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\ose Reg HKLM\SYSTEM\CurrentControlSet\Services\ose@Type 16 Reg HKLM\SYSTEM\CurrentControlSet\Services\ose@Start 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\ose@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\ose@ImagePath "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" Reg HKLM\SYSTEM\CurrentControlSet\Services\ose@DisplayName Office Source Engine Reg HKLM\SYSTEM\CurrentControlSet\Services\ose@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\ose@Description Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports. Reg HKLM\SYSTEM\CurrentControlSet\Services\ose\Security Reg HKLM\SYSTEM\CurrentControlSet\Services\ose\Security@Security 0x01 0x00 0x14 0x80 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\ose Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 7 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?wt.?, ?lis ?22 ?16, 09:53:25 PM??????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends 165 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3096 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 360 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules@{8C5BB38A-5E2F-44D0-A362-CAAFF0894EAA} v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=6004|App=C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe|Name=Microsoft Office Outlook| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 25 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 2780 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9c6bbede-3e70-472a-b600-9efbb056c223}@LeaseObtainedTime 1479849147 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9c6bbede-3e70-472a-b600-9efbb056c223}@T1 1479850760 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9c6bbede-3e70-472a-b600-9efbb056c223}@T2 1479852110 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9c6bbede-3e70-472a-b600-9efbb056c223}@LeaseTerminatesTime 1479852747 Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xEE 0x96 0xB1 0x58 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xEE 0xFE 0x75 0xBA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xEE 0x2E 0xED 0xF6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\JumplistData@E7CF176E110C211B 0xCB 0xE5 0xF4 0xE9 ... ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.2 ----