GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-03-31 21:21:15 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 Hitachi_HTS547575A9E384 rev.JE4OA50A 698,64GB Running: zxv46c1j.exe; Driver: C:\Users\KRZYSZ~1\AppData\Local\Temp\kxtyipob.sys ---- User code sections - GMER 2.2 ---- .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fff284d3e10 7 bytes JMP 00007fff27a50260 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fff284d3e20 7 bytes JMP 00007fff27a50298 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fff285839b0 7 bytes JMP 00007fff27a50340 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fff28583ef0 7 bytes JMP 00007fff27a502d0 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fff28583fe0 7 bytes JMP 00007fff27a50308 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fff285b06c0 7 bytes JMP 00007fff27a501f0 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fff285b0730 7 bytes JMP 00007fff27a50228 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fff27a921d0 5 bytes JMP 00007fff27a50180 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fff27a929d0 7 bytes JMP 00007fff27a500d8 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fff27a94310 5 bytes JMP 00007fff27a50110 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fff27a98c40 5 bytes JMP 00007fff27a50148 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fff27b0eb80 5 bytes JMP 00007fff27a501b8 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 10 bytes JMP 00007fff27a50458 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fff2a6155c0 5 bytes JMP 00007fff27a503e8 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fff2a615680 9 bytes JMP 00007fff27a50378 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fff2a615850 5 bytes JMP 00007fff27a50420 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fff2a61b080 5 bytes JMP 00007fff27a503b0 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fff29b41500 1 byte JMP 00007fff27a50490 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fff29b41502 6 bytes {JMP 0xfffffffffdf0ef90} .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fff29b41750 8 bytes JMP 00007fff27a504c8 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory 00007fff25497750 5 bytes JMP 00007fff254800d8 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1 00007fff25498ee0 5 bytes JMP 00007fff25480110 .text C:\WINDOWS\system32\dwm.exe[352] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory2 00007fff2549c650 5 bytes JMP 00007fff25480148 .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, EE, 28, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, D4, 24, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 3E, 24, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 96, 26, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 00, 26, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, 58, 28, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 2C, 27, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, C2, 27, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 6A, 25, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, B8, 32, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, F6, 30, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 9E, 2E, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, CA, 2F, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, C0, 39, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, 60, 30, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 2A, 39, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, 08, 2E, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, DC, 2C, 3B, 7A, F7, 7F] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 8C, 31, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 56, 3A, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, 22, 32, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, EC, 3A, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 18, 3E, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, 3C, 36, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, 34, 2F, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, 84, 29, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 72, 2D, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, FE, 37, 3B, 7A, F7, 7F] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 94, 38, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 68, 37, 3B, 7A, F7, 7F] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 4E, 33, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, E4, 33, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 82, 3D, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 46, 2C, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 7A, 34, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, 10, 35, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, A6, 35, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, D2, 36, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\GDI32.dll!GdiDllInitialize + 465 00007fff29b446a1 11 bytes [B8, 1A, 2A, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\GDI32.dll!NamedEscape + 1 00007fff29c13241 11 bytes [B8, B0, 2B, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!closesocket 00007fff28212210 12 bytes [48, B8, F4, 43, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!WSASocketW 00007fff28212600 12 bytes [48, B8, 5E, 43, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!socket + 1 00007fff28212971 11 bytes [B8, 20, 45, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoW 00007fff28213400 12 bytes [48, B8, 06, 41, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoExW 00007fff28219e10 12 bytes [48, B8, 9C, 41, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!recv + 1 00007fff2821f6c1 11 bytes [B8, 4C, 46, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!WSASend + 1 00007fff2821fa21 11 bytes [B8, 8A, 44, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!WSARecv + 1 00007fff2821fc01 11 bytes [B8, E2, 46, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!connect 00007fff282201d0 12 bytes [48, B8, 70, 40, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!send + 1 00007fff28223d31 11 bytes [B8, C8, 42, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!WSAConnect + 1 00007fff282269a1 11 bytes [B8, B6, 45, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\WS2_32.dll!gethostbyname + 1 00007fff282355c1 11 bytes [B8, 32, 42, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 3A, 49, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, A4, 48, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, 28, 4C, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 92, 4B, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 78, 47, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 3 bytes [48, B8, 0E] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW + 4 00007fff29daddc4 8 bytes [3B, 7A, F7, 7F, 00, 00, 50, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 11 bytes [B8, EA, 4D, 3B, 7A, F7, 7F, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\DNSAPI.dll!DnsQueryEx 00007fff26fd4420 12 bytes [48, B8, D8, 50, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\DNSAPI.dll!DnsQuery_UTF8 00007fff26ff3c90 12 bytes [48, B8, 42, 50, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\DNSAPI.dll!DnsQuery_W 00007fff26ff4730 12 bytes [48, B8, AC, 4F, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\WLANExt.exe[1996] C:\WINDOWS\system32\DNSAPI.dll!DnsQuery_A 00007fff2702fd90 12 bytes [48, B8, 16, 4F, 3B, 7A, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, EE, 28, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, D4, 24, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 3E, 24, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 96, 26, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 00, 26, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, 58, 28, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 2C, 27, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, C2, 27, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 6A, 25, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!closesocket 00007fff28212210 12 bytes [48, B8, 34, 2E, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!WSASocketW 00007fff28212600 12 bytes [48, B8, 9E, 2D, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!socket + 1 00007fff28212971 11 bytes [B8, 60, 2F, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoW 00007fff28213400 12 bytes [48, B8, 46, 2B, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoExW 00007fff28219e10 12 bytes [48, B8, DC, 2B, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!recv + 1 00007fff2821f6c1 11 bytes [B8, 8C, 30, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!WSASend + 1 00007fff2821fa21 11 bytes [B8, CA, 2E, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!WSARecv + 1 00007fff2821fc01 11 bytes [B8, 22, 31, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!connect 00007fff282201d0 12 bytes [48, B8, B0, 2A, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!send + 1 00007fff28223d31 11 bytes [B8, 08, 2D, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!WSAConnect + 1 00007fff282269a1 11 bytes [B8, F6, 2F, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WS2_32.dll!gethostbyname + 1 00007fff282355c1 11 bytes [B8, 72, 2C, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WINHTTP.dll!WinHttpCloseHandle + 1 00007fff24159781 11 bytes [B8, 4E, 32, 8A, 93, F7, 7F, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WINHTTP.dll!WinHttpOpenRequest 00007fff2416bce0 12 bytes [48, B8, B8, 31, 8A, 93, F7, ...] .text C:\WINDOWS\system32\dashost.exe[1572] C:\WINDOWS\system32\WINHTTP.dll!WinHttpConnect + 1 00007fff2416ce81 11 bytes [B8, E4, 32, 8A, 93, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 06, 41, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 70, 40, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, F4, 43, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 5E, 43, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 44, 3F, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, DA, 3F, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, 4E, 33, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, 8C, 31, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 34, 2F, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, 60, 30, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, 56, 3A, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, F6, 30, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, C0, 39, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, 9E, 2E, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, 72, 2D, B9, 7C, F7, 7F] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 22, 32, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, EC, 3A, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, B8, 32, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, 82, 3B, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, AE, 3E, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, D2, 36, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, CA, 2F, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 2 bytes [B8, 3E] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 4 00007fff2a60ecf4 8 bytes [B9, 7C, F7, 7F, 00, 00, 50, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 08, 2E, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 2 bytes [B8, 94] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!FindWindowW + 4 00007fff2a619a74 4 bytes [B9, 7C, F7, 7F] .text ... * 2 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 2A, 39, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, FE, 37, B9, 7C, F7, 7F] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, E4, 33, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, 7A, 34, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 18, 3E, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, DC, 2C, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 10, 35, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, A6, 35, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, 3C, 36, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, 68, 37, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\GDI32.dll!GdiDllInitialize + 465 00007fff29b446a1 11 bytes [B8, D4, 24, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\GDI32.dll!NamedEscape + 1 00007fff29c13241 11 bytes [B8, 46, 2C, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, B0, 2A, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 96, 26, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 00, 26, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 58, 28, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, C2, 27, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, 1A, 2A, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, EE, 28, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 84, 29, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 2C, 27, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 11 bytes [B8, 4C, 46, B9, 7C, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\Windows\System32\urlmon.dll!URLDownloadToCacheFileW 00007fff25000560 12 bytes [48, B8, 0E, 48, B9, 7C, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3008] C:\Windows\System32\urlmon.dll!URLDownloadToFileW + 1 00007fff25001121 11 bytes [B8, 78, 47, B9, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 84, 29, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 6A, 25, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, D4, 24, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 2C, 27, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 96, 26, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, EE, 28, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, C2, 27, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 58, 28, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 00, 26, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!closesocket 00007fff28212210 12 bytes [48, B8, 9E, 2D, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!WSASocketW 00007fff28212600 12 bytes [48, B8, 08, 2D, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!socket + 1 00007fff28212971 11 bytes [B8, CA, 2E, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoW 00007fff28213400 12 bytes [48, B8, B0, 2A, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoExW 00007fff28219e10 12 bytes [48, B8, 46, 2B, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!recv + 1 00007fff2821f6c1 11 bytes [B8, F6, 2F, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!WSASend + 1 00007fff2821fa21 11 bytes [B8, 34, 2E, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!WSARecv + 1 00007fff2821fc01 11 bytes [B8, 8C, 30, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!connect 00007fff282201d0 12 bytes [48, B8, 1A, 2A, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!send + 1 00007fff28223d31 11 bytes [B8, 72, 2C, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!WSAConnect + 1 00007fff282269a1 11 bytes [B8, 60, 2F, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\system32\WS2_32.dll!gethostbyname + 1 00007fff282355c1 11 bytes [B8, DC, 2B, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, 56, 3A, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, 94, 38, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 3C, 36, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, 68, 37, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, 5E, 41, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, FE, 37, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, C8, 40, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, A6, 35, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, 7A, 34, F9, A3, F6, 7F] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 2A, 39, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, F4, 41, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, C0, 39, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, 8A, 42, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, B6, 45, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, DA, 3D, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, D2, 36, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, 22, 31, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 10, 35, F9, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 9C, 3F, F9, A3, F6, 7F] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 32, 40, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 06, 3F, F9, A3, F6, 7F] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, EC, 3A, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, 82, 3B, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 20, 45, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, E4, 33, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 18, 3C, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, AE, 3C, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, 44, 3D, F9, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2560] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, 70, 3E, F9, A3, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, C4, 16, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, 26, 0F, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 4 bytes [B8, 52, 10, 31] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 6 00007fff285aaca6 6 bytes [F6, 7F, 00, 00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, 2E, 16, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, AA, 12, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, 02, 15, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 98, 15, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 4 bytes [B8, E8, 10, 31] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 6 00007fff27aa2126 6 bytes [F6, 7F, 00, 00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 40, 13, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, BC, 0F, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 90, 0E, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\advapi32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 12, 23, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\advapi32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 7C, 22, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\advapi32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, 00, 26, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\advapi32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 6A, 25, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\advapi32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 50, 21, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\advapi32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, E6, 21, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, 08, 2E, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 72, 2D, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, EE, 29, 31, 44, F6, 7F] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 9E, 2E, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, 34, 2F, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 60, 32, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, 48, 1A, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 84, 2A, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 46, 2C, 31, 44, F6, 7F] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, DC, 2C, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, B0, 2B, 31, 44, F6, 7F] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, CA, 31, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 4 bytes [B8, 58, 29, 31] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 6 00007fff2a660ec6 3 bytes [F6, 7F, 00] .text ... * 2 .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, 1A, 2B, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\GDI32.dll!GdiDllInitialize + 465 00007fff29b446a1 11 bytes [B8, DE, 1A, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\GDI32.dll!NamedEscape + 1 00007fff29c13241 11 bytes [B8, C2, 28, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, BA, 20, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, A0, 1C, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 0A, 1C, 31, 44, F6, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 62, 1E, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, CC, 1D, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, 24, 20, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, F8, 1E, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 8E, 1F, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 36, 1D, 31, 44, F6, 7F, ...] .text C:\WINDOWS\Explorer.EXE[3160] C:\WINDOWS\system32\WS2_32.dll!connect 00007fff282201d0 12 bytes [48, B8, 8C, 33, 31, 44, F6, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, EE, 28, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, D4, 24, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 3E, 24, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 96, 26, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 00, 26, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, 58, 28, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 2C, 27, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, C2, 27, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 6A, 25, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, B8, 32, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, F6, 30, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 9E, 2E, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, CA, 2F, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, C0, 39, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, 60, 30, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 2A, 39, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, 08, 2E, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, DC, 2C, F0, 38, F7, 7F] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 8C, 31, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 56, 3A, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, 22, 32, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, EC, 3A, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 18, 3E, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, 3C, 36, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, 34, 2F, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, 84, 29, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 72, 2D, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, FE, 37, F0, 38, F7, 7F] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 94, 38, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 68, 37, F0, 38, F7, 7F] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 4E, 33, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, E4, 33, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 82, 3D, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 46, 2C, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 7A, 34, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, 10, 35, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, A6, 35, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, D2, 36, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 11 bytes [B8, 44, 3F, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 32, 42, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 9C, 41, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, 20, 45, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 8A, 44, F0, 38, F7, 7F, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 70, 40, F0, 38, F7, ...] .text C:\WINDOWS\system32\taskhostex.exe[3200] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, 06, 41, F0, 38, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, C0, 38, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, FE, 36, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, A6, 34, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, D2, 35, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, C8, 3F, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, 68, 36, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 32, 3F, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, 10, 34, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, E4, 32, 18, BA, F7, 7F] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 94, 37, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 5E, 40, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, 2A, 38, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, F4, 40, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 20, 44, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, 44, 3C, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, 3C, 35, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, A8, 23, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 7A, 33, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 06, 3E, 18, BA, F7, 7F] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 9C, 3E, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 70, 3D, 18, BA, F7, 7F] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 56, 39, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, EC, 39, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 8A, 43, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 4E, 32, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 82, 3A, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, 18, 3B, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, AE, 3B, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, DA, 3C, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\GDI32.dll!GdiDllInitialize + 465 00007fff29b446a1 11 bytes [B8, 3E, 24, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\GDI32.dll!NamedEscape + 1 00007fff29c13241 11 bytes [B8, B6, 45, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 9E, 2D, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 08, 2D, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, 8C, 30, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, F6, 2F, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 2 bytes [48, B8] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA + 3 00007fff29dadd33 9 bytes [2B, 18, BA, F7, 7F, 00, 00, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, 72, 2C, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 3 bytes [B8, 4C, 46] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 5 00007fff286b6595 7 bytes [BA, F7, 7F, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 46, 2B, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 2C, 27, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 96, 26, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, EE, 28, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 58, 28, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, B0, 2A, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 84, 29, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 1A, 2A, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, C2, 27, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!closesocket 00007fff28212210 12 bytes [48, B8, FC, 4A, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!WSASocketW 00007fff28212600 12 bytes [48, B8, 66, 4A, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!socket + 1 00007fff28212971 11 bytes [B8, 28, 4C, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoW 00007fff28213400 12 bytes [48, B8, 0E, 48, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoExW 00007fff28219e10 12 bytes [48, B8, A4, 48, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!recv + 1 00007fff2821f6c1 11 bytes [B8, 54, 4D, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!WSASend + 1 00007fff2821fa21 3 bytes [B8, 92, 4B] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!WSASend + 5 00007fff2821fa25 7 bytes [BA, F7, 7F, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!WSARecv + 1 00007fff2821fc01 3 bytes [B8, EA, 4D] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!WSARecv + 5 00007fff2821fc05 7 bytes [BA, F7, 7F, 00, 00, 50, C3] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!connect 00007fff282201d0 12 bytes [48, B8, 78, 47, 18, BA, F7, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!send + 1 00007fff28223d31 11 bytes [B8, D0, 49, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!WSAConnect + 1 00007fff282269a1 11 bytes [B8, BE, 4C, 18, BA, F7, 7F, ...] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3936] C:\WINDOWS\system32\WS2_32.dll!gethostbyname + 1 00007fff282355c1 11 bytes [B8, 3A, 49, 18, BA, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, 08, 2E, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, 46, 2C, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, EE, 29, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, 1A, 2B, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, 10, 35, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, B0, 2B, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 7A, 34, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, 58, 29, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, 2C, 28, 54, 80, F7, 7F] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 2 bytes [48, B8] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 3 00007fff2a606d83 5 bytes [2C, 54, 80, F7, 7F] .text ... * 2 .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, A6, 35, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, 72, 2D, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, 3C, 36, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 68, 39, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, 8C, 31, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, 84, 2A, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, A8, 23, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, C2, 28, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 4E, 33, 54, 80, F7, 7F] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, E4, 33, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, B8, 32, 54, 80, F7, 7F] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 9E, 2E, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, 34, 2F, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, D2, 38, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 96, 27, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, CA, 2F, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, 60, 30, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, F6, 30, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, 22, 32, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 06, 41, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 70, 40, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, F4, 43, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 5E, 43, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 44, 3F, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, DA, 3F, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\GDI32.dll!GdiDllInitialize + 465 00007fff29b446a1 11 bytes [B8, D4, 24, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\system32\GDI32.dll!NamedEscape + 1 00007fff29c13241 11 bytes [B8, 00, 27, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, AE, 3E, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 94, 3A, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, FE, 39, 54, 80, F7, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 56, 3C, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, C0, 3B, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, 18, 3E, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 1 byte [B8] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 3 00007fff29e2a1a3 9 bytes [3C, 54, 80, F7, 7F, 00, 00, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 82, 3D, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxHK.exe[4276] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 2A, 3B, 54, 80, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, 9E, 2E, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, DC, 2C, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 84, 2A, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, B0, 2B, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, A6, 35, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, 46, 2C, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 10, 35, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, EE, 29, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, C2, 28, FB, 7C, F7, 7F] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 72, 2D, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 3C, 36, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, 08, 2E, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, D2, 36, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, FE, 39, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, 22, 32, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, 1A, 2B, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, A8, 23, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 58, 29, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, E4, 33, FB, 7C, F7, 7F] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 7A, 34, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 4E, 33, FB, 7C, F7, 7F] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 34, 2F, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, CA, 2F, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 68, 39, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 2C, 28, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 60, 30, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, F6, 30, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, 8C, 31, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, B8, 32, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 9C, 41, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 06, 41, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, 8A, 44, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, F4, 43, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, DA, 3F, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, 70, 40, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 11 bytes [B8, 4C, 46, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\GDI32.dll!GdiDllInitialize + 465 00007fff29b446a1 11 bytes [B8, 6A, 25, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\system32\GDI32.dll!NamedEscape + 1 00007fff29c13241 11 bytes [B8, 96, 27, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 44, 3F, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 2A, 3B, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 94, 3A, FB, 7C, F7, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 1 byte [B8] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 3 00007fff29e0ae13 9 bytes [3C, FB, 7C, F7, 7F, 00, 00, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 56, 3C, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, AE, 3E, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 82, 3D, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 18, 3E, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxTray.exe[4284] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, C0, 3B, FB, 7C, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, 9E, 2E, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, DC, 2C, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 84, 2A, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, B0, 2B, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, A6, 35, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, 46, 2C, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 10, 35, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, EE, 29, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, C2, 28, D7, E7, F7, 7F] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 72, 2D, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 3C, 36, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, 08, 2E, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, D2, 36, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, FE, 39, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, 22, 32, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, 1A, 2B, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, A8, 23, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 58, 29, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, E4, 33, D7, E7, F7, 7F] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 7A, 34, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 4E, 33, D7, E7, F7, 7F] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 34, 2F, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, CA, 2F, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 68, 39, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 2C, 28, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 60, 30, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, F6, 30, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, 8C, 31, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, B8, 32, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 9C, 41, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 06, 41, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, 8A, 44, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, F4, 43, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, DA, 3F, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, 70, 40, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 11 bytes [B8, 4C, 46, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\GDI32.dll!GdiDllInitialize + 465 00007fff29b446a1 11 bytes [B8, 6A, 25, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\system32\GDI32.dll!NamedEscape + 1 00007fff29c13241 11 bytes [B8, 96, 27, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 44, 3F, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 2A, 3B, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 94, 3A, D7, E7, F7, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 1 byte [B8] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 3 00007fff29e0ae13 9 bytes [3C, D7, E7, F7, 7F, 00, 00, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 56, 3C, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, AE, 3E, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 82, 3D, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 18, 3E, D7, E7, F7, 7F, ...] .text C:\WINDOWS\system32\igfxEM.exe[4464] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, C0, 3B, D7, E7, F7, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 9E, 2D, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 08, 2D, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, 8C, 30, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, F6, 2F, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 2 bytes [48, B8] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA + 3 00007fff29dadd33 9 bytes [2B, E4, FF, F5, 7F, 00, 00, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, 72, 2C, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, C0, 38, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, FE, 36, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, A6, 34, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, D2, 35, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, C8, 3F, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, 68, 36, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 32, 3F, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, 10, 34, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, E4, 32, E4, FF, F5, 7F] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 94, 37, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 5E, 40, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, 2A, 38, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, F4, 40, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 20, 44, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, 44, 3C, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, 3C, 35, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 2 bytes [B8, D4] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 4 00007fff2a60ecf4 8 bytes [E4, FF, F5, 7F, 00, 00, 50, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 7A, 33, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 06, 3E, E4, FF, F5, 7F] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 9C, 3E, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 70, 3D, E4, FF, F5, 7F] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 56, 39, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, EC, 39, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 8A, 43, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 4E, 32, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 82, 3A, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, 18, 3B, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, AE, 3B, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, DA, 3C, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 11 bytes [B8, 4C, 46, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 46, 2B, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 2C, 27, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 96, 26, E4, FF, F5, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, EE, 28, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 58, 28, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, B0, 2A, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 84, 29, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 1A, 2A, E4, FF, F5, 7F, ...] .text C:\Program Files\IDT\WDM\sttray64.exe[4500] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, C2, 27, E4, FF, F5, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, B4, 08, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, 64, 0D, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, CE, 0C, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, 76, 0A, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, 38, 0C, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, AC, 01, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, 40, 13, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 30, 05, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, A2, 0B, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 0C, 0B, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, 90, 0E, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 26, 0F, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, BC, 0F, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, 52, 10, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, 42, 02, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, 72, 2D, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, B0, 2B, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 58, 29, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, 84, 2A, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, 7A, 34, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, 1A, 2B, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, E4, 33, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, C2, 28, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, 96, 27, 31, 22, F7, 7F] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 46, 2C, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 10, 35, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 2 bytes [48, B8] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 3 00007fff2a60ab23 5 bytes [2C, 31, 22, F7, 7F] .text ... * 2 .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, A6, 35, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, D2, 38, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, F6, 30, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, EE, 29, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, A8, 23, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 2C, 28, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, B8, 32, 31, 22, F7, 7F] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 4E, 33, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 22, 32, 31, 22, F7, 7F] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 08, 2E, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, 9E, 2E, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 3C, 38, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 00, 27, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 34, 2F, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, CA, 2F, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, 60, 30, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, 8C, 31, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 18, 3E, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, FE, 39, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 68, 39, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, C0, 3B, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 2A, 3B, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, 82, 3D, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 56, 3C, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, EC, 3C, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 94, 3A, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, C8, 42, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 32, 42, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, B6, 45, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 20, 45, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 06, 41, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, 9C, 41, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 11 bytes [B8, 78, 47, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!closesocket 00007fff28212210 12 bytes [48, B8, 92, 4B, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!WSASocketW 00007fff28212600 12 bytes [48, B8, FC, 4A, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!socket + 1 00007fff28212971 11 bytes [B8, BE, 4C, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoW 00007fff28213400 12 bytes [48, B8, A4, 48, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoExW 00007fff28219e10 12 bytes [48, B8, 3A, 49, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!recv + 1 00007fff2821f6c1 11 bytes [B8, EA, 4D, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!WSASend + 1 00007fff2821fa21 11 bytes [B8, 28, 4C, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!WSARecv + 1 00007fff2821fc01 11 bytes [B8, 80, 4E, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!connect 00007fff282201d0 12 bytes [48, B8, 0E, 48, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!send + 1 00007fff28223d31 11 bytes [B8, 66, 4A, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!WSAConnect + 1 00007fff282269a1 11 bytes [B8, 54, 4D, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\system32\WS2_32.dll!gethostbyname + 1 00007fff282355c1 11 bytes [B8, D0, 49, 31, 22, F7, 7F, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToCacheFileW 00007fff25000560 12 bytes [48, B8, AC, 4F, 31, 22, F7, ...] .text C:\Windows\System32\rundll32.exe[4576] C:\WINDOWS\SYSTEM32\urlmon.dll!URLDownloadToFileW + 1 00007fff25001121 11 bytes [B8, 16, 4F, 31, 22, F7, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 84, 29, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 6A, 25, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, D4, 24, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 2C, 27, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 96, 26, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, EE, 28, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, C2, 27, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 58, 28, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 00, 26, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!closesocket 00007fff28212210 12 bytes [48, B8, 9E, 2D, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!WSASocketW 00007fff28212600 12 bytes [48, B8, 08, 2D, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!socket + 1 00007fff28212971 11 bytes [B8, CA, 2E, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoW 00007fff28213400 12 bytes [48, B8, B0, 2A, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!GetAddrInfoExW 00007fff28219e10 12 bytes [48, B8, 46, 2B, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!recv + 1 00007fff2821f6c1 11 bytes [B8, F6, 2F, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!WSASend + 1 00007fff2821fa21 11 bytes [B8, 34, 2E, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!WSARecv + 1 00007fff2821fc01 11 bytes [B8, 8C, 30, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!connect 00007fff282201d0 12 bytes [48, B8, 1A, 2A, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!send + 1 00007fff28223d31 11 bytes [B8, 72, 2C, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!WSAConnect + 1 00007fff282269a1 11 bytes [B8, 60, 2F, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\system32\WS2_32.dll!gethostbyname + 1 00007fff282355c1 11 bytes [B8, DC, 2B, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, 56, 3A, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, 94, 38, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 3C, 36, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, 68, 37, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, 5E, 41, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, FE, 37, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, C8, 40, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, A6, 35, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, 7A, 34, 6E, A3, F6, 7F] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 2A, 39, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, F4, 41, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, C0, 39, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, 8A, 42, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, B6, 45, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, DA, 3D, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, D2, 36, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, 22, 31, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 10, 35, 6E, A3, F6, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 9C, 3F, 6E, A3, F6, 7F] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 32, 40, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 06, 3F, 6E, A3, F6, 7F] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, EC, 3A, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, 82, 3B, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 20, 45, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, E4, 33, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 18, 3C, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, AE, 3C, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, 44, 3D, 6E, A3, F6, 7F, ...] .text C:\WINDOWS\system32\wbem\unsecapp.exe[4624] C:\WINDOWS\SYSTEM32\user32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, 70, 3E, 6E, A3, F6, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!Process32NextW 00007fff284ee1f0 12 bytes [48, B8, 02, 15, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 8E, 1F, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, F0, 17, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 1C, 19, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!CloseHandle 00007fff27a914c0 12 bytes [48, B8, CE, 0C, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary + 1 00007fff27a921d1 11 bytes [B8, D6, 13, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!GetProcAddress 00007fff27a942a0 12 bytes [48, B8, 6C, 14, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!CreateMutexW 00007fff27a96750 12 bytes [48, B8, 38, 0C, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!OpenMutexW + 1 00007fff27a98931 11 bytes [B8, A2, 0B, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 1 00007fff27a98c41 11 bytes [B8, 40, 13, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, F8, 1E, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExA + 1 00007fff27a996b1 11 bytes [B8, AA, 12, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 74, 1B, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, CC, 1D, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, 62, 1E, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, B2, 19, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, 0A, 1C, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, 86, 18, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 5A, 17, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputA + 1 00007fff27b5fae1 11 bytes [B8, FA, 0D, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleInputW + 1 00007fff27b5fb61 11 bytes [B8, 90, 0E, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleA 00007fff27b60610 12 bytes [48, B8, 26, 0F, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!ReadConsoleW 00007fff27b60840 12 bytes [48, B8, BC, 0F, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!ShowWindow 00007fff2a6011b0 12 bytes [48, B8, 9E, 2E, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 00007fff2a601210 12 bytes [48, B8, DC, 2C, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!GetMessageW 00007fff2a602660 12 bytes [48, B8, 84, 2A, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!PeekMessageW + 1 00007fff2a602981 11 bytes [B8, B0, 2B, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, A6, 35, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!CallNextHookEx 00007fff2a602ee0 12 bytes [48, B8, 46, 2C, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 10, 35, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!GetMessageA + 1 00007fff2a606181 11 bytes [B8, EE, 29, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, C2, 28, 6D, 07, F7, 7F] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 8 bytes [48, B8, 72, 2D, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 10 00007fff2a606d8a 2 bytes [50, C3] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 3C, 36, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!CreateWindowExA 00007fff2a60ab20 8 bytes [48, B8, 08, 2E, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!CreateWindowExA + 10 00007fff2a60ab2a 2 bytes [50, C3] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, D2, 36, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, FE, 39, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SetWindowTextW + 1 00007fff2a60dc61 11 bytes [B8, 22, 32, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!PeekMessageA + 1 00007fff2a60e971 11 bytes [B8, 1A, 2B, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, A8, 23, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 58, 29, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, E4, 33, 6D, 07, F7, 7F] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, 7A, 34, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 4E, 33, 6D, 07, F7, 7F] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 00007fff2a61f8a1 11 bytes [B8, 34, 2F, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 00007fff2a637751 11 bytes [B8, CA, 2F, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 68, 39, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 2C, 28, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!MessageBoxExA + 1 00007fff2a687d91 11 bytes [B8, 60, 30, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!MessageBoxExW + 1 00007fff2a687dc1 11 bytes [B8, F6, 30, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!SetWindowTextA + 1 00007fff2a6910b1 11 bytes [B8, 8C, 31, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, B8, 32, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, 9C, 41, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 06, 41, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, 8A, 44, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, F4, 43, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, DA, 3F, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, 70, 40, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\system32\SHELL32.dll!Shell_NotifyIconW + 1 00007fff286b6591 11 bytes [B8, 4C, 46, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 44, 3F, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 2A, 3B, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, 94, 3A, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 1 byte [B8] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 3 00007fff29e0ae13 9 bytes [3C, 6D, 07, F7, 7F, 00, 00, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, 56, 3C, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, AE, 3E, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, 82, 3D, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 18, 3E, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, C0, 3B, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\WINHTTP.dll!WinHttpCloseHandle + 1 00007fff24159781 11 bytes [B8, 0E, 48, 6D, 07, F7, 7F, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\WINHTTP.dll!WinHttpOpenRequest 00007fff2416bce0 12 bytes [48, B8, 78, 47, 6D, 07, F7, ...] .text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4272] C:\WINDOWS\SYSTEM32\WINHTTP.dll!WinHttpConnect + 1 00007fff2416ce81 11 bytes [B8, A4, 48, 6D, 07, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 02, 15, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, 26, 0F, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 52, 10, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, 6C, 14, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 14, 12, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, 40, 13, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, D6, 13, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, E8, 10, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, AA, 12, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, BC, 0F, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 90, 0E, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, E6, 21, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 50, 21, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, D4, 24, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 3E, 24, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 24, 20, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, BA, 20, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, DC, 2C, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 46, 2C, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, C2, 28, 06, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 72, 2D, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, 08, 2E, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 34, 31, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, 1C, 19, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 58, 29, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 1A, 2B, 06, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, B0, 2B, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 84, 2A, 06, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 9E, 30, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 2C, 28, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, EE, 29, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 8E, 1F, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 74, 1B, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, DE, 1A, 06, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 36, 1D, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, A0, 1C, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, F8, 1E, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, CC, 1D, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 62, 1E, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 0A, 1C, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\GDI32.dll!GdiDllInitialize + 465 00007fff29b446a1 11 bytes [B8, 48, 1A, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2116] C:\WINDOWS\system32\GDI32.dll!NamedEscape + 1 00007fff29c13241 11 bytes [B8, 96, 27, 06, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 02, 15, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, 26, 0F, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 52, 10, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, 6C, 14, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 14, 12, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, 40, 13, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, D6, 13, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, E8, 10, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, AA, 12, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, BC, 0F, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 90, 0E, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, E6, 21, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 50, 21, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, D4, 24, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 3E, 24, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 24, 20, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, BA, 20, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, DC, 2C, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 46, 2C, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, C2, 28, 66, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 72, 2D, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, 08, 2E, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 34, 31, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, 1C, 19, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 58, 29, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 1A, 2B, 66, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, B0, 2B, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 84, 2A, 66, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 9E, 30, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 2C, 28, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, EE, 29, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 8E, 1F, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 74, 1B, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, DE, 1A, 66, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 36, 1D, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, A0, 1C, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, F8, 1E, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, CC, 1D, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 62, 1E, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2424] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 0A, 1C, 66, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 00007fff284edb10 12 bytes [48, B8, 1E, 08, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNEL32.DLL!GetStartupInfoA + 1 00007fff285834b1 11 bytes [B8, 02, 15, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 1 00007fff285aaba1 8 bytes [B8, 26, 0F, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileExA + 10 00007fff285aabaa 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNEL32.DLL!MoveFileWithProgressA + 1 00007fff285aaca1 11 bytes [B8, 52, 10, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!OpenThread 00007fff27a96780 12 bytes [48, B8, E0, 09, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!FindClose + 1 00007fff27a99101 11 bytes [B8, 6C, 14, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileW + 1 00007fff27a9ab21 11 bytes [B8, 14, 12, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!FindFirstFileExW 00007fff27a9c390 12 bytes [48, B8, 40, 13, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!FindNextFileW + 1 00007fff27a9f901 11 bytes [B8, D6, 13, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileWithProgressW + 1 00007fff27aa2121 11 bytes [B8, E8, 10, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!CreateProcessInternalW 00007fff27acfcf0 12 bytes [48, B8, 9A, 04, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!DeleteFileA 00007fff27ad10e0 12 bytes [48, B8, AA, 12, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!WriteProcessMemory + 1 00007fff27aea6c1 11 bytes [B8, 0C, 0B, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 1 00007fff27aedb51 8 bytes [B8, BC, 0F, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!MoveFileExW + 10 00007fff27aedb5a 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!DefineDosDeviceW + 1 00007fff27b0a0e1 11 bytes [B8, 90, 0E, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!CreateThread 00007fff27b0a4f0 12 bytes [48, B8, 76, 0A, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\KERNELBASE.dll!CreateRemoteThread 00007fff27b70f50 12 bytes [48, B8, AC, 01, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\ADVAPI32.dll!CryptExportKey + 161 00007fff29d52141 11 bytes [B8, E6, 21, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\ADVAPI32.dll!EnableTrace + 65 00007fff29d5b931 11 bytes [B8, 50, 21, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 769 00007fff29da2671 11 bytes [B8, D4, 24, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\ADVAPI32.dll!RegisterServiceCtrlHandlerExA + 801 00007fff29da2691 11 bytes [B8, 3E, 24, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceA 00007fff29dadd30 12 bytes [48, B8, 24, 20, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\ADVAPI32.dll!CreateServiceW 00007fff29daddc0 12 bytes [48, B8, BA, 20, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrW + 1 00007fff2a602b31 11 bytes [B8, DC, 2C, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!GetWindowLongPtrA + 1 00007fff2a6043f1 11 bytes [B8, 46, 2C, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 1 00007fff2a606381 7 bytes [B8, C2, 28, 2E, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW + 9 00007fff2a606389 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!GetWindowLongA 00007fff2a609970 12 bytes [48, B8, 72, 2D, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!GetWindowLongW + 1 00007fff2a60b041 11 bytes [B8, 08, 2E, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageW + 1 00007fff2a60b7e1 11 bytes [B8, 34, 31, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!UserClientDllInitialize + 1 00007fff2a60ecf1 11 bytes [B8, 1C, 19, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 00007fff2a615220 12 bytes [48, B8, 58, 29, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!FindWindowW + 1 00007fff2a619a71 7 bytes [B8, 1A, 2B, 2E, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!FindWindowW + 9 00007fff2a619a79 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!FindWindowExW + 1 00007fff2a61b6d1 11 bytes [B8, B0, 2B, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 1 00007fff2a61bc01 7 bytes [B8, 84, 2A, 2E, DE, F7, 7F] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!FindWindowExA + 9 00007fff2a61bc09 3 bytes [00, 50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!SendNotifyMessageA + 1 00007fff2a63c5d1 11 bytes [B8, 9E, 30, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 1 00007fff2a660ec1 8 bytes [B8, 2C, 28, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA + 10 00007fff2a660eca 2 bytes [50, C3] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\system32\USER32.dll!FindWindowA + 1 00007fff2a691501 11 bytes [B8, EE, 29, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!CloseServiceHandle + 1 00007fff29e047a1 11 bytes [B8, 8E, 1F, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceW 00007fff29e04d10 12 bytes [48, B8, 74, 1B, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!OpenServiceA 00007fff29e0a830 12 bytes [48, B8, DE, 1A, 2E, DE, F7, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!ControlService + 1 00007fff29e0ae11 11 bytes [B8, 36, 1D, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExW + 1 00007fff29e0ed61 11 bytes [B8, A0, 1C, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW + 1 00007fff29e24021 11 bytes [B8, F8, 1E, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService + 1 00007fff29e2a1a1 11 bytes [B8, CC, 1D, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA + 1 00007fff29e2de41 11 bytes [B8, 62, 1E, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5412] C:\WINDOWS\SYSTEM32\sechost.dll!ControlServiceExA + 1 00007fff29e3ddf1 11 bytes [B8, 0A, 1C, 2E, DE, F7, 7F, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fff284d3e10 7 bytes JMP 00007fff27a30260 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fff284d3e20 7 bytes JMP 00007fff27a30298 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fff285839b0 7 bytes JMP 00007fff27a30340 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fff28583ef0 7 bytes JMP 00007fff27a302d0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fff28583fe0 7 bytes JMP 00007fff27a30308 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fff285b06c0 7 bytes JMP 00007fff27a301f0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fff285b0730 7 bytes JMP 00007fff27a30228 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fff27a921d0 5 bytes JMP 00007fff27a30180 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fff27a929d0 7 bytes JMP 00007fff27a300d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fff27a94310 5 bytes JMP 00007fff27a30110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fff27a98c40 5 bytes JMP 00007fff27a30148 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007fff27b0eb80 5 bytes JMP 00007fff27a301b8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fff2a606d80 10 bytes JMP 00007fff27a30458 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fff2a6155c0 5 bytes JMP 00007fff27a303e8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fff2a615680 9 bytes JMP 00007fff27a30378 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007fff2a615850 5 bytes JMP 00007fff27a30420 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fff2a61b080 5 bytes JMP 00007fff27a303b0 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007fff29f7d050 7 bytes JMP 00007fff27a30500 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007fff29fab160 5 bytes JMP 00007fff27a30538 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fff29b41500 1 byte JMP 00007fff27a30490 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007fff29b41502 6 bytes {JMP 0xfffffffffdeeef90} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fff29b41750 8 bytes JMP 00007fff27a304c8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007fff03d7ead0 5 bytes JMP 00007fff27a305a8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9 00007fff03daeb90 6 bytes JMP 00007fff27a30570 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\SYSTEM32\dxgi.dll!CreateDXGIFactory 00007fff25497750 5 bytes JMP 00007fff252000d8 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\SYSTEM32\dxgi.dll!CreateDXGIFactory1 00007fff25498ee0 5 bytes JMP 00007fff25200110 .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2096] C:\WINDOWS\SYSTEM32\dxgi.dll!CreateDXGIFactory2 00007fff2549c650 5 bytes JMP 00007fff25200148 ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29e6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff05932348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3640] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\SHELL32.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\SHELL32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GdiDllInitialize] [7fff29e6002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\USER32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\SHLWAPI.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\SHLWAPI.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\MSCTF.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\ole32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\ole32.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\COMDLG32.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\system32\COMDLG32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff05932348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[GDI32.dll!GetStockObject] [7fff29e6006c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2608] @ C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\COMCTL32.dll[USER32.dll!RegisterClassW] [7fff2a78002c] IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] @ C:\WINDOWS\SYSTEM32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [7fff05932348] C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_child.dll IAT C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3036] @ C:\Users\KrzysztofN\AppData\Local\Google\Chrome\User Data\PepperFlash\25.0.0.127\pepflashplayer.dll[KERNEL32.dll!CreateNamedPipeW] [7fff2861002c] ---- Modules - GMER 2.2 ---- Module \??\C:\Users\KRZYSZ~1\AppData\Local\Temp\kxtyipob.sys (GMER) fffff801e362d000-fffff801e363d000 (65536 bytes) ---- Threads - GMER 2.2 ---- Thread C:\WINDOWS\system32\csrss.exe [680:704] fffff960009462d0 Thread C:\WINDOWS\Explorer.EXE [3160:296] 00007fff1db6e630 Thread C:\WINDOWS\Explorer.EXE [3160:4100] 00007fff1dfce630 Thread C:\WINDOWS\Explorer.EXE [3160:3280] 00007fff1dfce630 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1493571011 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\84a6c883ffda Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\84a6c883ffda@6c2779390c6a 0xDD 0x6F 0x8E 0xE6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 1255 Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask 0x64 0x62 0x03 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband@FavoritesChanges 22 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count 22 ---- Disk sectors - GMER 2.2 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.2 ---- File C:\Windows\WindowsUpdate.log 14720 bytes File C:\Windows\WinSxS\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.3.9600.18474_none_58eecc56ab3e4cb5\ntvdm64.dll (size mismatch) 16896/12 bytes executable File C:\Windows\WinSxS\amd64_microsoft-windows-wow64_31bf3856ad364e35_6.3.9600.18474_none_58eecc56ab3e4cb5\wow64.dll (size mismatch) 285184/7189 bytes executable File C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.3.9600.18505_none_5d46179187d8803b\ntoskrnl.exe (size mismatch) 7444312/556591 bytes executable File C:\Windows\WinSxS\amd64_microsoft-windows-smbserver-common_31bf3856ad364e35_6.3.9600.18432_none_f4c8719ce3f78f31\srvnet.sys (size mismatch) 243712/12 bytes executable File C:\Windows\WinSxS\amd64_microsoft-windows-smbserver-v1_31bf3856ad364e35_6.3.9600.18432_none_cae9acc3ca44104f\srv.sys (size mismatch) 416768/29171 bytes executable ---- EOF - GMER 2.2 ----