GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-08-12 23:44:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005b WDC_WD32 rev.01.0 298,09GB Running: kq8okcvu.exe; Driver: C:\Users\Laure\AppData\Local\Temp\ugtiapob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031af000 45 bytes [3B, C6, 0F, 85, 8A, D5, 02, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031af02f 1 byte [44] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Bitdefender\Bitdefender\vsserv.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, F0, 12, 7E, 01] .text C:\Program Files\Bitdefender\Bitdefender\vsserv.exe[808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\vsserv.exe[808] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 0000000077b0b7e1 11 bytes [B8, F0, 12, 76, 01, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, F9, E8, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, B9, EA, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1412] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\system32\WLANExt.exe[1584] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\atieclxx.exe[1632] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1816] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, F9, E8, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, B9, EA, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedf4ea1 11 bytes [B8, 39, F5, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedf55c8 12 bytes [48, B8, B9, 6C, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee0b85c 12 bytes [48, B8, F9, 6A, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefee0b9d0 12 bytes [48, B8, 79, 60, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefee0ba3c 12 bytes [48, B8, B9, 5E, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1856] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[2044] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886e69 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\user32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886f99 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Windows\SysWOW64\ezSharedSvcHost.exe[1780] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, F9, E8, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, B9, EA, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1232] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ad9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886a41 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886b71 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 00000001748869a9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886c09 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886ca1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886d39 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886dd1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Windows\SysWOW64\svchost.exe[1988] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886e69 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000763b3918 5 bytes JMP 0000000174885dc9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000763b3cd3 5 bytes JMP 0000000174885d31 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!socket 00000000763b3eb8 5 bytes JMP 00000001748866b1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000763b4406 5 bytes JMP 0000000174882139 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000763b4889 5 bytes JMP 00000001748856a9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!recv 00000000763b6b0e 5 bytes JMP 0000000174886879 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!connect 00000000763b6bdd 1 byte JMP 00000001748841e1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000763b6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!send 00000000763b6f01 5 bytes JMP 00000001748820a1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000763b7089 5 bytes JMP 0000000174886911 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000763bcc3f 5 bytes JMP 00000001748867e1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1764] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000763c7673 5 bytes JMP 0000000174885741 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 1 byte JMP 0000000174886e69 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 0000000077384967 3 bytes {JMP QWORD [RAX+RDX*2]} .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765b1465 2 bytes [5B, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765b14bb 2 bytes [5B, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2064] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedf4ea1 11 bytes [B8, 39, F5, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedf55c8 12 bytes [48, B8, B9, 6C, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee0b85c 12 bytes [48, B8, F9, 6A, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefee0b9d0 12 bytes [48, B8, 79, 60, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefee0ba3c 12 bytes [48, B8, B9, 5E, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2120] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedf4ea1 11 bytes [B8, 39, F5, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedf55c8 12 bytes [48, B8, B9, 6C, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee0b85c 12 bytes [48, B8, F9, 6A, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefee0b9d0 12 bytes [48, B8, 79, 60, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefee0ba3c 12 bytes [48, B8, B9, 5E, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\System32\svchost.exe[2220] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[2564] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 1 byte JMP 0000000174886e69 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 0000000077384967 3 bytes {JMP QWORD [RAX+RDX*2]} .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2572] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2648] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, F9, 55, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, F9, 5C, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, 39, 5B, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, 70, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, F9, 71, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, 79, 75, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, 6E, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, B9, 5E, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 79, 60, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, B9, 73, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, B9, 65, 64, 76] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, F9, 63, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[2792] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 79, 4B, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, 39, 46, 64, 76, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 79, 44, 64, 76, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, 39, 4D, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, F9, 47, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, B9, 49, 64, 76, 00, 00, ...] .text C:\Windows\Explorer.EXE[2792] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedf4ea1 11 bytes [B8, 79, FA, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedf55c8 12 bytes [48, B8, B9, 6C, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee0b85c 12 bytes [48, B8, F9, 6A, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefee0b9d0 12 bytes [48, B8, 79, 60, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefee0ba3c 12 bytes [48, B8, B9, 5E, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2932] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2944] C:\Windows\system32\OPENGL32.dll!wglMakeCurrent 000007fef56954b0 12 bytes [48, B8, F9, 9B, 64, 76, 00, ...] .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886e69 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000763b3918 5 bytes JMP 0000000174885dc9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000763b3cd3 5 bytes JMP 0000000174885d31 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!socket 00000000763b3eb8 5 bytes JMP 00000001748866b1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000763b4406 5 bytes JMP 0000000174882139 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000763b4889 5 bytes JMP 00000001748856a9 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!recv 00000000763b6b0e 5 bytes JMP 0000000174886879 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!connect 00000000763b6bdd 1 byte JMP 00000001748841e1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000763b6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!send 00000000763b6f01 5 bytes JMP 00000001748820a1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000763b7089 5 bytes JMP 0000000174886911 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000763bcc3f 5 bytes JMP 00000001748867e1 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000763c7673 5 bytes JMP 0000000174885741 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765b1465 2 bytes [5B, 76] .text C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765b14bb 2 bytes [5B, 76] .text ... * 2 .text C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765b1465 2 bytes [5B, 76] .text C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765b14bb 2 bytes [5B, 76] .text ... * 2 .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, F0, 12, 9D, 02] .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[3012] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, F0, 12, 74, 01] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2548] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 0000000077b0b7e1 11 bytes [B8, F0, 12, 83, 01, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3092] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174887031 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000763b3918 5 bytes JMP 0000000174885dc9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000763b3cd3 5 bytes JMP 0000000174885d31 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!socket 00000000763b3eb8 5 bytes JMP 00000001748866b1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000763b4406 5 bytes JMP 0000000174882139 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000763b4889 5 bytes JMP 00000001748856a9 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!recv 00000000763b6b0e 5 bytes JMP 0000000174886879 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!connect 00000000763b6bdd 1 byte JMP 00000001748841e1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000763b6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!send 00000000763b6f01 5 bytes JMP 00000001748820a1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000763b7089 5 bytes JMP 0000000174886911 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000763bcc3f 5 bytes JMP 00000001748867e1 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3252] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000763c7673 5 bytes JMP 0000000174885741 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886e69 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\USB Disk Win98 Driver\Res.exe[3260] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886e69 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[3284] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 1 byte JMP 0000000174886e69 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 0000000077384967 3 bytes {JMP QWORD [RAX+RDX*2]} .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000763b3918 5 bytes JMP 0000000174885dc9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000763b3cd3 5 bytes JMP 0000000174885d31 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!socket 00000000763b3eb8 5 bytes JMP 00000001748866b1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000763b4406 5 bytes JMP 0000000174882139 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000763b4889 5 bytes JMP 00000001748856a9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!recv 00000000763b6b0e 5 bytes JMP 0000000174886879 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!connect 00000000763b6bdd 1 byte JMP 00000001748841e1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000763b6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!send 00000000763b6f01 5 bytes JMP 00000001748820a1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000763b7089 5 bytes JMP 0000000174886911 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000763bcc3f 5 bytes JMP 00000001748867e1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000763c7673 5 bytes JMP 0000000174885741 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 0000000075f56dd3 5 bytes JMP 0000000174884149 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000075f573ab 5 bytes JMP 00000001748821d1 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000075fcd27c 3 bytes JMP 0000000174882ab9 .text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3340] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA + 4 0000000075fcd280 1 byte [FE] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886e69 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174887031 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765b1465 2 bytes [5B, 76] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765b14bb 2 bytes [5B, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 0000000075f56dd3 5 bytes JMP 0000000174884149 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 0000000075f573ab 5 bytes JMP 00000001748821d1 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 0000000075fcd27c 3 bytes JMP 0000000174882ab9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[1184] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA + 4 0000000075fcd280 1 byte [FE] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[3180] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886ca1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886c09 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886d39 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886b71 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886dd1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 00000001748869a9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886e69 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886f01 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174886f99 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886ad9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886a41 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000076740179 5 bytes JMP 0000000174884d29 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000763b3918 5 bytes JMP 0000000174885dc9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000763b3cd3 5 bytes JMP 0000000174885d31 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!socket 00000000763b3eb8 5 bytes JMP 00000001748866b1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000763b4406 5 bytes JMP 0000000174882139 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000763b4889 5 bytes JMP 00000001748856a9 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!recv 00000000763b6b0e 5 bytes JMP 0000000174886879 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!connect 00000000763b6bdd 1 byte JMP 00000001748841e1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000763b6bdf 3 bytes {CALL RBP} .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!send 00000000763b6f01 5 bytes JMP 00000001748820a1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000763b7089 5 bytes JMP 0000000174886911 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000763bcc3f 5 bytes JMP 00000001748867e1 .text C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe[3740] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000763c7673 5 bytes JMP 0000000174885741 .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2004] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4312] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedf4ea1 11 bytes [B8, 79, FA, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedf55c8 12 bytes [48, B8, B9, 6C, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee0b85c 12 bytes [48, B8, F9, 6A, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefee0b9d0 12 bytes [48, B8, 79, 60, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefee0ba3c 12 bytes [48, B8, B9, 5E, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4840] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[5068] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4148] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNEL32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNEL32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNEL32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedf4ea1 11 bytes [B8, B9, F8, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedf55c8 12 bytes [48, B8, B9, 6C, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee0b85c 12 bytes [48, B8, F9, 6A, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefee0b9d0 12 bytes [48, B8, 79, 60, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefee0ba3c 12 bytes [48, B8, B9, 5E, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fee96096b0 12 bytes [48, B8, F9, 8D, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007feff5d69ed 11 bytes [B8, F9, 63, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[4960] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007feff5e7620 12 bytes [48, B8, B9, 65, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNEL32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNEL32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNEL32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedf4ea1 11 bytes [B8, B9, F8, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedf55c8 12 bytes [48, B8, B9, 6C, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefee0b85c 12 bytes [48, B8, F9, 6A, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefee0b9d0 12 bytes [48, B8, 79, 60, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefee0ba3c 12 bytes [48, B8, B9, 5E, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[4760] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNEL32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNEL32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNEL32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe[4468] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000077cc92d1 5 bytes [B8, 39, 69, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000077cc92d7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077ce1330 6 bytes [48, B8, B9, F1, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077ce1338 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000077ce13a0 6 bytes [48, B8, B9, D5, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000077ce13a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077ce1470 6 bytes [48, B8, 79, C2, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077ce1478 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ce1510 6 bytes [48, B8, F9, 32, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077ce1518 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077ce1530 6 bytes [48, B8, 39, 1C, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077ce1538 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077ce1550 6 bytes [48, B8, F9, 1D, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077ce1558 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ce1570 6 bytes [48, B8, B9, C0, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077ce1578 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ce1620 6 bytes [48, B8, 39, EE, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077ce1628 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ce1650 6 bytes [48, B8, 79, 2F, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077ce1658 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ce1670 6 bytes [48, B8, 79, 36, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077ce1678 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077ce1700 6 bytes [48, B8, B9, 34, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077ce1708 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ce1750 6 bytes [48, B8, 79, F3, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077ce1758 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077ce1780 6 bytes [48, B8, 39, 2A, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077ce1788 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ce1790 6 bytes [48, B8, B9, 26, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077ce1798 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077ce1800 6 bytes [48, B8, F9, EF, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077ce1808 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000077ce18b0 6 bytes [48, B8, F9, F6, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000077ce18b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ce1c80 6 bytes [48, B8, 79, EC, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077ce1c88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077ce1cd0 6 bytes [48, B8, 79, 28, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077ce1cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ce1d30 6 bytes [48, B8, F9, 24, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077ce1d38 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ce20a0 6 bytes [48, B8, 79, D7, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000077ce20a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000077ce25e0 6 bytes [48, B8, 79, 83, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000077ce25e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ce27e0 6 bytes [48, B8, 39, 31, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000077ce27e8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ce29a0 6 bytes [48, B8, 39, D9, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000077ce29a8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ce2a80 6 bytes [48, B8, 79, 3D, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077ce2a88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ce2a90 6 bytes [48, B8, B9, 3B, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077ce2a98 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ce2aa0 6 bytes [48, B8, 39, F5, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077ce2aa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ce2b80 6 bytes [48, B8, 39, E7, 64, 76] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077ce2b88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077d53201 11 bytes [B8, 39, 85, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Program Files\Realtek\RtVOsd\RtVOsd.exe[3560] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077a71b21 11 bytes [B8, F9, D3, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077a71c10 12 bytes [48, B8, F9, 39, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000077a8db80 12 bytes [48, B8, B9, 2D, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077a90931 11 bytes [B8, 79, E5, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077ac52f1 11 bytes [B8, B9, 7A, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077ac5311 11 bytes [B8, 39, 77, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000077ada5e0 12 bytes [48, B8, B9, 81, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000077ada6f0 12 bytes [48, B8, 39, 7E, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefdc21861 11 bytes [B8, 79, 52, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefdc22db1 11 bytes [B8, B9, C7, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefdc23461 11 bytes [B8, 79, C9, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdc28ef0 12 bytes [48, B8, F9, C5, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefdc294c0 12 bytes [48, B8, B9, 50, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefdc2bfd1 11 bytes [B8, 39, C4, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefdc32af1 11 bytes [B8, F9, 4E, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefdc54350 12 bytes [48, B8, B9, 42, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefdc62871 8 bytes [B8, 39, 23, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefdc6287a 2 bytes [50, C3] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefdc628b1 11 bytes [B8, F9, 40, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefefe642d 11 bytes [B8, 39, 5B, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefefe6484 12 bytes [48, B8, F9, 55, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefefe6519 11 bytes [B8, 39, 62, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefefe6c34 12 bytes [48, B8, 39, 54, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefefe7ab5 11 bytes [B8, F9, 5C, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefefe8b01 11 bytes [B8, B9, 57, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefefe8c39 11 bytes [B8, 79, 59, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff7013b1 11 bytes [B8, F9, BE, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!closesocket 000007feff7018e0 12 bytes [48, B8, 39, BD, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff701bd1 11 bytes [B8, 79, BB, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff702201 11 bytes [B8, F9, E1, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff7023c0 12 bytes [48, B8, 79, A6, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!connect 000007feff7045c0 12 bytes [48, B8, 79, 67, 64, 76, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!send + 1 000007feff708001 11 bytes [B8, B9, B9, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff708df0 7 bytes [48, B8, 39, A8, 64, 76, 00] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff708df9 3 bytes [00, 50, C3] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff70de91 11 bytes [B8, F9, DA, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff70df41 11 bytes [B8, 39, E0, 64, 76, 00, 00, ...] .text C:\Windows\System32\wbem\WmiPrvSE.exe[4924] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff72e0f1 11 bytes [B8, 79, DE, 64, 76, 00, 00, ...] .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 0000000077e8f8f0 5 bytes JMP 00000001748866b1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077e8f928 5 bytes JMP 0000000174886d39 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077e8f9e0 5 bytes JMP 00000001748864e9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077e8fb28 5 bytes JMP 0000000174885ef9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077e8fc20 5 bytes JMP 00000001748831d9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077e8fc50 5 bytes JMP 00000001748815f1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077e8fc80 5 bytes JMP 0000000174881689 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077e8fcb0 5 bytes JMP 0000000174885e61 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077e8fdc8 5 bytes JMP 0000000174886ca1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077e8fe14 5 bytes JMP 00000001748830a9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077e8fe44 5 bytes JMP 0000000174883309 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077e8ff24 5 bytes JMP 0000000174883271 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077e8ffa4 5 bytes JMP 0000000174886dd1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077e8ffec 5 bytes JMP 0000000174882ee1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077e90004 5 bytes JMP 0000000174882db1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077e900b4 5 bytes JMP 0000000174881ed9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077e901c4 5 bytes JMP 0000000174882301 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077e9079c 5 bytes JMP 0000000174886c09 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077e90814 5 bytes JMP 0000000174882e49 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077e908a4 5 bytes JMP 0000000174882d19 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077e90df4 5 bytes JMP 0000000174886581 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077e91604 5 bytes JMP 0000000174884ac9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077e91920 5 bytes JMP 0000000174883141 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077e91be4 5 bytes JMP 0000000174886619 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077e91d54 5 bytes JMP 0000000174883439 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077e91d70 5 bytes JMP 00000001748833a1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077e91d8c 5 bytes JMP 0000000174886e69 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077e91ee8 5 bytes JMP 0000000174886a41 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077ea88c4 5 bytes JMP 0000000174881ab1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077ed0d3b 5 bytes JMP 0000000174882009 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077f1860f 5 bytes JMP 0000000174884b61 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077f1e8ab 5 bytes JMP 0000000174881f71 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000077520e00 5 bytes JMP 0000000174881da9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077521072 5 bytes JMP 0000000174882a21 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007752499f 5 bytes JMP 00000001748825f9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000077533bbb 5 bytes JMP 0000000174883011 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000077547327 5 bytes JMP 0000000174882729 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000775488da 5 bytes JMP 0000000174886451 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!WinExec 00000000775a2ff1 5 bytes JMP 00000001748828f1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000775c748b 5 bytes JMP 00000001748846a1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000775c74ae 5 bytes JMP 00000001748847d1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000775c7859 5 bytes JMP 0000000174884901 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000775c78d2 5 bytes JMP 0000000174884a31 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075a58f8d 5 bytes JMP 0000000174881a19 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075a5c436 5 bytes JMP 0000000174883b59 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075a5eca6 5 bytes JMP 0000000174883601 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075a5f206 5 bytes JMP 0000000174882399 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075a5fa89 5 bytes JMP 0000000174881e41 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075a61358 5 bytes JMP 0000000174883ac1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075a6137f 5 bytes JMP 0000000174883a29 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075a61d29 5 bytes JMP 0000000174881981 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075a61e15 5 bytes JMP 00000001748824c9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075a62ab1 5 bytes JMP 0000000174886029 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075a62cd9 5 bytes JMP 0000000174885f91 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075a62d17 5 bytes JMP 00000001748860c1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075a62e7a 5 bytes JMP 00000001748818e9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075a63b70 5 bytes JMP 0000000174882269 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075a64496 5 bytes JMP 0000000174882431 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075a64608 5 bytes JMP 0000000174883569 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075a64631 5 bytes JMP 0000000174882c81 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075a6c734 5 bytes JMP 00000001748827c1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007737c9ec 5 bytes JMP 0000000174883c89 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000077382b70 5 bytes JMP 0000000174883bf1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007738361c 5 bytes JMP 00000001748840b1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000077384965 5 bytes JMP 0000000174886f01 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000773970c4 5 bytes JMP 0000000174884311 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000773970dc 5 bytes JMP 0000000174883e51 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000773970f4 5 bytes JMP 0000000174883ee9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000773b31f4 5 bytes JMP 0000000174883f81 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000773b3204 5 bytes JMP 0000000174884019 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000773b3214 5 bytes JMP 0000000174883d21 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000773b3224 5 bytes JMP 0000000174883db9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000773b3264 5 bytes JMP 0000000174884279 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007605a472 5 bytes JMP 0000000174886f99 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000760627ce 5 bytes JMP 0000000174881be1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007606e6cf 5 bytes JMP 0000000174881b49 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000774278e2 5 bytes JMP 0000000174884441 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077427bd3 5 bytes JMP 00000001748843a9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077428a29 5 bytes JMP 00000001748857d9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000774298fd 5 bytes JMP 0000000174886289 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007742b6ed 5 bytes JMP 0000000174887031 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007742d22e 5 bytes JMP 0000000174885871 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007742ee09 5 bytes JMP 00000001748834d1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007742ffe6 5 bytes JMP 0000000174886159 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000774300d9 5 bytes JMP 00000001748861f1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000774305ba 5 bytes JMP 0000000174884571 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077430dfb 5 bytes JMP 0000000174885909 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000774312a5 5 bytes JMP 0000000174886b71 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000774320ec 5 bytes JMP 0000000174885c99 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077433baa 5 bytes JMP 0000000174886ad9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077435f74 5 bytes JMP 00000001748844d9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077436285 5 bytes JMP 0000000174884bf9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077437603 5 bytes JMP 0000000174882be9 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077437aee 5 bytes JMP 0000000174885c01 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007743835c 5 bytes JMP 0000000174882b51 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007744ce54 5 bytes JMP 0000000174885a39 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007744f52b 5 bytes JMP 0000000174884c91 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007744f588 5 bytes JMP 0000000174886321 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000774510a0 5 bytes JMP 00000001748859a1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007747fcd6 5 bytes JMP 0000000174885ad1 .text C:\Users\Laure\Desktop\kq8okcvu.exe[1888] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007747fcfa 5 bytes JMP 0000000174885b69 ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4092:4836] 0000000077797587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4092:4880] 00000000745c7712 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4092:4884] 0000000077ec2e65 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4092:2520] 0000000077ec3e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4092:4240] 0000000077ec3e85 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4092:4784] 0000000077ec3e85 ---- Processes - GMER 2.1 ---- Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [808] (FILE NOT FOUND) 000007fefc6d0000 Library \\?\C:\Program Files\Bitdefender\Bitdefender\bdnc.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [808] (FILE NOT FOUND) 000007fefc380000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----