GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-12-10 23:48:16 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000079 ATA_____ rev.KC45 465,76GB Running: u1k7exq8.exe; Driver: C:\Users\admin\AppData\Local\Temp\agdoqpod.sys ---- User code sections - GMER 2.2 ---- .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff890791a7} .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\services.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\lsass.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[456] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\svchost.exe[1484] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe[1628] C:\Windows\SysWOW64\ntdll.dll!RtlInitializeExceptionChain + 27 000000007725983a 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe[1628] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725f33b 6 bytes JMP 71af000a .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe[1628] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075488781 8 bytes [33, C0, 90, 90, C2, 04, 00, ...] .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\SysWOW64\ntdll.dll!RtlInitializeExceptionChain + 27 000000007725983a 6 bytes JMP 71af000a .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725f33b 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075488781 8 bytes [33, C0, 90, 90, C2, 04, 00, ...] .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075222ca4 4 bytes CALL 71ac0000 .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 75528fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 7548489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 755288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 75528aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 755287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 75528b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 75529089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 75528bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 7552877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 75528f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 75528713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88fe91a7} .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[2236] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff890791a7} .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\kernel32.dll!CreateProcessW 0000000076f40670 6 bytes {JMP QWORD [RIP+0x90df9c0]} .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefd06b022 3 bytes [E8, 4F, 0E] .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Windows\Explorer.EXE[3208] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Windows\system32\Dwm.exe[3508] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavTray.exe[3780] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007725f33b 6 bytes JMP 71af000a .text C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavTray.exe[3780] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075488781 8 bytes [33, C0, 90, 90, C2, 04, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Windows\system32\SearchIndexer.exe[2304] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[4856] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007708dfb0 6 bytes {JMP QWORD [RIP+0x8f92080]} .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076f22b60 6 bytes {JMP QWORD [RIP+0x913d4d0]} .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefd06b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076e30800 6 bytes {JMP QWORD [RIP+0x920f830]} .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000076e30e8c 6 bytes {JMP QWORD [RIP+0x924f1a4]} .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\advapi32.DLL!RegQueryValueExW 000007fefeaff050 6 bytes JMP 0 .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\shell32.DLL!SHFileOperationW 000007fefd648fe4 6 bytes {JMP QWORD [RIP+0x103704c]} .text C:\Program Files\Internet Explorer\iexplore.exe[4948] C:\Windows\system32\mswsock.dll!WSPStartup 000007fefc588fe0 6 bytes {JMP QWORD [RIP+0x97050]} .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff890f91a7} .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007708dfb0 6 bytes {JMP QWORD [RIP+0x8f92080]} .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076f22b60 6 bytes {JMP QWORD [RIP+0x913d4d0]} .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefd06b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076e30800 6 bytes {JMP QWORD [RIP+0x920f830]} .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000076e30e8c 6 bytes {JMP QWORD [RIP+0x924f1a4]} .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\advapi32.DLL!RegQueryValueExW 000007fefeaff050 6 bytes JMP 1093 .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\shell32.DLL!SHFileOperationW 000007fefd648fe4 6 bytes {JMP QWORD [RIP+0x103704c]} .text C:\Program Files\Internet Explorer\iexplore.exe[3880] C:\Windows\system32\mswsock.dll!WSPStartup 000007fefc588fe0 6 bytes {JMP QWORD [RIP+0x97050]} .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 1 000000007723f969 2 bytes [F0, 29] .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 4 000000007723f96c 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 119 000000007725f3b2 4 bytes {CALL 0xffffffffa0da3a2f} .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\USER32.dll!PrintWindow + 1 0000000074c688f4 2 bytes [50, 26] .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\USER32.dll!PrintWindow + 4 0000000074c688f7 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 75528fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 7548489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 755288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 75528aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 755287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 75528b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 75529089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 75528bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 7552877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 75528f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\Steam.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 75528713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 1 000000007723f969 2 bytes [F0, 29] .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 4 000000007723f96c 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 119 000000007725f3b2 4 bytes {CALL 0xffffffffa0da3a2f} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\USER32.dll!PrintWindow + 1 0000000074c688f4 2 bytes [50, 26] .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\USER32.dll!PrintWindow + 4 0000000074c688f7 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 75528fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 7548489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 755288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 75528aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 755287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 75528b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 75529089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 75528bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 7552877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 75528f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[5464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 75528713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 1 000000007723f969 2 bytes [F0, 29] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 4 000000007723f96c 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 119 000000007725f3b2 4 bytes {CALL 0xffffffffa0da3a2f} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\USER32.dll!PrintWindow + 1 0000000074c688f4 2 bytes [50, 26] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\USER32.dll!PrintWindow + 4 0000000074c688f7 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 75528fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 7548489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 755288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 75528aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 755287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 75528b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 75529089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 75528bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 7552877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 75528f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2312] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 75528713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 1 000000007723f969 2 bytes [F0, 29] .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 4 000000007723f96c 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007723f9f1 7 bytes {MOV EDX, 0x2f32e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007723fa6d 7 bytes {MOV EDX, 0x2f31a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007723fb85 7 bytes {MOV EDX, 0x2f3168; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007723fc35 7 bytes {MOV EDX, 0x2f3328; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007723fc65 7 bytes {MOV EDX, 0x2f3268; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007723fc7d 7 bytes {MOV EDX, 0x2f3128; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007723fc95 7 bytes {MOV EDX, 0x2f33e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007723fcc5 7 bytes {MOV EDX, 0x2f3428; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007723fd45 7 bytes {MOV EDX, 0x2f33a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007723fd5d 7 bytes {MOV EDX, 0x2f3368; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007723fda9 7 bytes {MOV EDX, 0x2f3068; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007723fea1 7 bytes {MOV EDX, 0x2f30a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000772400f9 7 bytes {MOV EDX, 0x2f3028; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 000000007724105d 7 bytes {MOV EDX, 0x2f31e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077241105 7 bytes {MOV EDX, 0x2f32a8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007724117d 7 bytes {MOV EDX, 0x2f3228; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077241381 7 bytes {MOV EDX, 0x2f30e8; JMP RDX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 119 000000007725f3b2 4 bytes {CALL 0xffffffffa0da3a2f} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\USER32.dll!PrintWindow + 1 0000000074c688f4 2 bytes [50, 26] .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\USER32.dll!PrintWindow + 4 0000000074c688f7 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 75528fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 7548489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 755288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 75528aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 755287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 75528b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 75529089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 75528bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 7552877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 75528f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe[1280] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 75528713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007708dfb0 6 bytes {JMP QWORD [RIP+0x8f92080]} .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076f22b60 6 bytes {JMP QWORD [RIP+0x913d4d0]} .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefd06b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076e30800 6 bytes {JMP QWORD [RIP+0x920f830]} .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000076e30e8c 6 bytes {JMP QWORD [RIP+0x924f1a4]} .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Program Files\Internet Explorer\iexplore.exe[5512] C:\Windows\system32\mswsock.dll!WSPStartup 000007fefc588fe0 6 bytes {JMP QWORD [RIP+0x97050]} .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88ff91a7} .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007708dfb0 6 bytes {JMP QWORD [RIP+0x8f92080]} .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\kernel32.dll!MoveFileExW 0000000076f22b60 6 bytes {JMP QWORD [RIP+0x913d4d0]} .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 354 000007fefd06b022 3 bytes [E8, 4F, 06] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!CreateWindowExW 0000000076e30800 6 bytes JMP 93a9640 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!RegisterClassExW 0000000076e30e8c 6 bytes JMP 0 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\shell32.DLL!SHFileOperationW 000007fefd648fe4 6 bytes {JMP QWORD [RIP+0x103704c]} .text C:\Program Files\Internet Explorer\iexplore.exe[6700] C:\Windows\system32\mswsock.dll!WSPStartup 000007fefc588fe0 6 bytes {JMP QWORD [RIP+0x97050]} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 1 000000007723f969 2 bytes [F0, 29] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 4 000000007723f96c 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077240204 3 bytes JMP 71a8000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077240208 2 bytes JMP 71a8000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 119 000000007725f3b2 4 bytes {CALL 0xffffffffa0da3a2f} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075499b05 6 bytes JMP 719f000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075222ca4 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\advapi32.DLL!RegQueryValueExW 0000000076b44615 6 bytes JMP 71ab000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000074c08a39 6 bytes JMP 71a5000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\user32.DLL!RegisterClassExW 0000000074c0b18d 6 bytes JMP 719c000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\user32.DLL!PrintWindow + 1 0000000074c688f4 2 bytes [50, 26] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\user32.DLL!PrintWindow + 4 0000000074c688f7 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 00000000759e9698 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 75528fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 7548489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 755288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 75528aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 755287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 75528b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 75529089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 75528bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 7552877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 75528f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[4772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 75528713 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff890f91a7} .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Windows\system32\Macromed\Flash\FlashUtil64_23_0_0_162_ActiveX.exe[6120] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 154 0000000077066e5a 4 bytes {CALL 0xffffffff88fe91a7} .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile 000000007708da20 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDeviceIoControlFile + 4 000000007708da24 2 bytes [90, B0] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000000007708db30 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory + 4 000000007708db34 2 bytes [10, 8E] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000000007708db90 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory + 4 000000007708db94 2 bytes [A0, 83] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort 000000007708dbd0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtRequestWaitReplyPort + 4 000000007708dbd4 2 bytes [70, B6] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007708dc10 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 4 000000007708dc14 2 bytes [B0, B7] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 000000007708dc20 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 4 000000007708dc24 2 bytes [10, BC] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007708dc30 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 4 000000007708dc34 2 bytes [00, 82] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007708dc50 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 4 000000007708dc54 2 bytes [60, 96] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007708dc70 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 4 000000007708dc74 2 bytes [70, BD] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007708dd20 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 4 000000007708dd24 2 bytes [50, AB] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile 000000007708dd40 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtFsControlFile + 4 000000007708dd44 2 bytes [E0, 87] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007708dd50 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 4 000000007708dd54 2 bytes [B0, BA] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007708dd70 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 4 000000007708dd74 2 bytes [60, B3] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory 000000007708dda0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtReadVirtualMemory + 4 000000007708dda4 2 bytes [80, 8F] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007708de00 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 4 000000007708de04 2 bytes [20, 92] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007708de50 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 4 000000007708de54 2 bytes [D0, A9] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007708de80 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 4 000000007708de84 2 bytes [80, A0] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007708de90 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 4 000000007708de94 2 bytes [A0, 9A] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000000007708deb0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory + 4 000000007708deb4 2 bytes [A0, A4] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000000007708dee0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread + 4 000000007708dee4 2 bytes [70, A7] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007708df00 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 4 000000007708df04 2 bytes [00, B9] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 000000007708e0f0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort + 4 000000007708e0f4 2 bytes [30, 86] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 000000007708e100 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort + 4 000000007708e104 2 bytes [F0, 84] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000000007708e200 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort + 4 000000007708e204 2 bytes [00, AF] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000000007708e230 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject + 4 000000007708e234 2 bytes [30, 95] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 000000007708e2d0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort + 4 000000007708e2d4 2 bytes [80, 8C] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007708e380 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 4 000000007708e384 2 bytes [70, 7F] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 000000007708e3b0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort + 4 000000007708e3b4 2 bytes [20, 8B] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007708e3d0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 4 000000007708e3d4 2 bytes [F0, 9E] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 000000007708e420 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject + 4 000000007708e424 2 bytes [50, A3] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007708e430 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 4 000000007708e434 2 bytes [F0, 98] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess 000000007708e480 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtCreateUserProcess + 4 000000007708e484 2 bytes [80, 93] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile 000000007708e500 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteFile + 4 000000007708e504 2 bytes [90, AC] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess 000000007708e6c0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextProcess + 4 000000007708e6c4 2 bytes [90, 97] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread 000000007708e6d0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtGetNextThread + 4 000000007708e6d4 2 bytes [30, 9C] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007708e7a0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 4 000000007708e7a4 2 bytes [30, B2] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort 000000007708eea0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSecureConnectPort + 4 000000007708eea4 2 bytes [80, 89] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007708eee0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 4 000000007708eee4 2 bytes [20, A2] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject 000000007708f070 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSecurityObject + 4 000000007708f074 2 bytes [E0, 90] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007708f0a0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 4 000000007708f0a4 2 bytes [C0, AD] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007708f190 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 4 000000007708f194 2 bytes [A0, A8] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007708f1a0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 4 000000007708f1a4 2 bytes [00, A6] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Windows\system32\taskhost.exe[5672] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Windows\System32\MsSpellCheckingFacility.exe[5892] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 16 0000000076e25b80 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SwitchDesktopWithFade + 20 0000000076e25b84 2 bytes [E0, 5C] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetWindowPlacement 0000000076e28130 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetWindowPlacement + 4 0000000076e28134 2 bytes [70, 72] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetParent 0000000076e28500 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetParent + 4 0000000076e28504 2 bytes [E0, 77] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!MoveWindow 0000000076e2aab0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!MoveWindow + 4 0000000076e2aab4 2 bytes [20, 75] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 132 0000000076e2c760 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetAsyncKeyState + 136 0000000076e2c764 2 bytes [70, 60] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!DestroyWindow 0000000076e2cbc0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!DestroyWindow + 4 0000000076e2cbc4 2 bytes [60, 65] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetThreadDesktop + 16 0000000076e2d6e0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetThreadDesktop + 20 0000000076e2d6e4 2 bytes [10, 7E] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!PtInRect + 52 0000000076e2dd80 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!PtInRect + 56 0000000076e2dd84 2 bytes [A0, 61] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 288 0000000076e2f850 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!LookupIconIdFromDirectoryEx + 292 0000000076e2f854 2 bytes [A0, 6A] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ShowWindow 0000000076e31910 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ShowWindow + 4 0000000076e31914 2 bytes [40, 71] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ClientToScreen + 100 0000000076e332f0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ClientToScreen + 104 0000000076e332f4 2 bytes [90, 76] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetWindowPos 0000000076e33c30 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetWindowPos + 4 0000000076e33c34 2 bytes [A0, 73] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetWinEventHook + 212 0000000076e34e10 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetWinEventHook + 216 0000000076e34e14 2 bytes [10, 6C] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetForegroundWindow 0000000076e35ab0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetForegroundWindow + 4 0000000076e35ab4 2 bytes [40, 7A] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!IsDialogMessageW + 400 0000000076e36860 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!IsDialogMessageW + 404 0000000076e36864 2 bytes [90, 66] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 20 0000000076e37710 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetWindowLongPtrW + 24 0000000076e37714 2 bytes [10, 68] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetScrollInfo + 368 0000000076e37ef0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SetScrollInfo + 372 0000000076e37ef4 2 bytes [60, 7B] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!PeekMessageW + 176 0000000076e390c0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!PeekMessageW + 180 0000000076e390c4 2 bytes [C0, 51] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 16 0000000076e39e90 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SfmDxSetSwapChainStats + 20 0000000076e39e94 2 bytes [20, 53] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076e48a10 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetKeyboardState + 4 0000000076e48a14 2 bytes [40, 5F] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!WindowFromPoint 0000000076e48bc0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!WindowFromPoint + 4 0000000076e48bc4 2 bytes [10, 79] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SendInput 0000000076e48cd0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!SendInput + 4 0000000076e48cd4 2 bytes [D0, 6E] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!IsHungAppWindow + 52 0000000076e48f20 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!IsHungAppWindow + 56 0000000076e48f24 2 bytes [10, 50] .text ... * 11 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 336 0000000076e49210 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ExcludeUpdateRgn + 340 0000000076e49214 2 bytes [10, 42] .text ... * 5 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ShowWindowAsync 0000000076e496e0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ShowWindowAsync + 4 0000000076e496e4 2 bytes [10, 70] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!BlockInput 0000000076e4ad50 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!BlockInput + 4 0000000076e4ad54 2 bytes [70, 5A] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ClipCursor 0000000076e4ada0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!ClipCursor + 4 0000000076e4ada4 2 bytes [A0, 6D] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetGuiResources + 32 0000000076e4af40 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetGuiResources + 36 0000000076e4af44 2 bytes [30, 64] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetRawInputData 0000000076e4aff0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!GetRawInputData + 4 0000000076e4aff4 2 bytes [D0, 62] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!PrintWindow 0000000076e4b170 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\USER32.dll!PrintWindow + 4 0000000076e4b174 2 bytes [60, 69] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!BitBlt + 240 000007feff2e25b0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!BitBlt + 244 000007feff2e25b4 2 bytes [10, 50] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 256 000007feff2e3f10 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!GdiAlphaBlend + 260 000007feff2e3f14 2 bytes [10, 42] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!StretchBlt + 248 000007feff2ebae0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!StretchBlt + 252 000007feff2ebae4 2 bytes [70, 48] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!PlgBlt + 256 000007feff2ec9f0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!PlgBlt + 260 000007feff2ec9f4 2 bytes [80, 45] .text ... * 2 .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 288 000007feff2f55a0 3 bytes [48, 33, C0] .text C:\Windows\System32\svchost.exe[1432] C:\Windows\system32\GDI32.dll!GdiTransparentBlt + 292 000007feff2f55a4 2 bytes [D0, 43] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 1 000000007723f969 2 bytes [F0, 29] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 4 000000007723f96c 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077240204 3 bytes JMP 71a8000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 0000000077240208 2 bytes JMP 71a8000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 119 000000007725f3b2 4 bytes {CALL 0xffffffffa0da3a2f} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000075499b05 6 bytes JMP 719f000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 499 0000000075222ca4 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\advapi32.DLL!RegQueryValueExW 0000000076b44615 6 bytes JMP 71ab000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000074c08a39 6 bytes JMP 71a5000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\user32.DLL!RegisterClassExW 0000000074c0b18d 6 bytes JMP 719c000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\user32.DLL!PrintWindow + 1 0000000074c688f4 2 bytes [50, 26] .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\user32.DLL!PrintWindow + 4 0000000074c688f7 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\SHELL32.dll!SHFileOperationW 00000000759e9698 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074cf1401 2 bytes JMP 754ab21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074cf1419 2 bytes JMP 754ab346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074cf1431 2 bytes JMP 75528fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074cf144a 2 bytes CALL 7548489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074cf14dd 2 bytes JMP 755288c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074cf14f5 2 bytes JMP 75528aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074cf150d 2 bytes JMP 755287ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074cf1525 2 bytes JMP 75528b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074cf153d 2 bytes JMP 7549fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074cf1555 2 bytes JMP 754a68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074cf156d 2 bytes JMP 75529089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074cf1585 2 bytes JMP 75528bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074cf159d 2 bytes JMP 7552877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074cf15b5 2 bytes JMP 7549fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074cf15cd 2 bytes JMP 754ab2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074cf16b2 2 bytes JMP 75528f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[6552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074cf16bd 2 bytes JMP 75528713 C:\Windows\syswow64\kernel32.dll .text C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNYFNR0V\u1k7exq8.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 1 000000007723f969 2 bytes [F0, 29] .text C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNYFNR0V\u1k7exq8.exe[4124] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile + 4 000000007723f96c 3 bytes {ADD [RCX], BL; JMP RAX} .text C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNYFNR0V\u1k7exq8.exe[4124] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll + 119 000000007725f3b2 4 bytes {CALL 0xffffffffa0da3a2f} .text C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNYFNR0V\u1k7exq8.exe[4124] C:\Windows\syswow64\USER32.dll!PrintWindow + 1 0000000074c688f4 2 bytes [50, 26] .text C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNYFNR0V\u1k7exq8.exe[4124] C:\Windows\syswow64\USER32.dll!PrintWindow + 4 0000000074c688f7 3 bytes {ADD [RCX], BL; JMP RAX} ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fef6710750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fef67361b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\OLEACC.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fef6710750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\msfeeds.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\elscore.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\System32\NaturalLanguage6.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\System32\NLSData0000.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\system32\actxprxy.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\Comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\Comctl32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[4948] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\Comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fef6710750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fef67361b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\OLEACC.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\WTSAPI32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fef6710750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fef6736f30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\msfeeds.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\elscore.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\actxprxy.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\NaturalLanguage6.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Program Files\Windows Defender\MpOav.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\shdocvw.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\shdocvw.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\shdocvw.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\system32\EhStorShell.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\cscui.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\cscui.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\cscui.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[3880] @ C:\Windows\System32\CSCDLL.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fef6710750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fef67361b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\OLEACC.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\WTSAPI32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fef6710750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fef6736f30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\msfeeds.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\elscore.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\System32\NaturalLanguage6.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[5512] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Program Files\Internet Explorer\iexplore.exe[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\USER32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\GDI32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\advapi32.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\shell32.DLL[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\shell32.DLL[USER32.dll!MessageBoxIndirectW] [7fef6710750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\shell32.DLL[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!DialogBoxParamA] [7fef67361b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SHLWAPI.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\version.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IMM32.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\MSCTF.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ole32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ole32.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ole32.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\OLEAUT32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\OLEAUT32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\OLEACC.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\WTSAPI32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEFRAME.dll[USER32.dll!MessageBoxIndirectW] [7fef6710750] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757\comctl32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[USER32.dll!DialogBoxIndirectParamW] [7fef67360d0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[COMCTL32.dll!PropertySheetW] [7fef6736f30] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\comdlg32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\urlmon.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\urlmon.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\Secur32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\CLBCatQ.DLL[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\CLBCatQ.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\netprofm.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\nlaapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\rsaenh.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Program Files\Internet Explorer\ieproxy.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\fwpuclnt.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\apphelp.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\IEUI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\UxTheme.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\windowscodecs.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\dwmapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\explorerframe.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\explorerframe.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\DUser.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\DUI70.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\DUI70.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\propsys.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ntmarta.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\WLDAP32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SETUPAPI.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\SETUPAPI.dll[USER32.dll!MessageBoxW] [7fef6736840] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\CFGMGR32.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\msfeeds.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\elscore.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\MLANG.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\srvcli.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\wkscli.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\credssp.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\schannel.DLL[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\bcrypt.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\WINTRUST.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\cryptnet.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\NaturalLanguage6.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\NLSData0000.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\tquery.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\StructuredQuery.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\LINKINFO.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\Wpc.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\wevtapi.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ntshrui.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ntshrui.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\ntshrui.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\ieapfltr.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\shdocvw.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\shdocvw.dll[USER32.dll!EnableWindow] [7fef66fef00] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\System32\shdocvw.dll[USER32.dll!DialogBoxParamW] [7fef67362b0] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Program Files\Windows Defender\MpOav.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll IAT C:\Program Files\Internet Explorer\iexplore.exe[6700] @ C:\Windows\system32\MPR.dll[KERNEL32.dll!GetProcAddress] [7fef66f1c40] C:\Program Files\Internet Explorer\IEShims.dll ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{05F20582-C40E-411E-8A20-A21FC9BFD2A8}@LeaseObtainedTime 1481408885 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{05F20582-C40E-411E-8A20-A21FC9BFD2A8}@T1 1481409012 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{05F20582-C40E-411E-8A20-A21FC9BFD2A8}@T2 1481409108 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{05F20582-C40E-411E-8A20-A21FC9BFD2A8}@LeaseTerminatesTime 1481409140 ---- EOF - GMER 2.2 ----