fbe66

Voici la suite de l'analyse GMER postée précédemment : .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, BA, 5A] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, BA, 5A, 00, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fdb13d1532 4 bytes [3D, B1, FD, 07] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fdb13d153a 4 bytes [3D, B1, FD, 07] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fdb13d165a 4 bytes [3D, B1, FD, 07] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, BA, 5A, 00, ...] .text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, BA, 5A, 00, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 30, 08, 12, 03] .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[3800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[3800] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 000007fdb8ad4695 5 bytes [b8, 30, 08, 35, 03] .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[3800] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 000007fdb8ad469b 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[3800] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdb91d177a 4 bytes [1D, B9, FD, 07] .text C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe[3800] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdb91d1782 4 bytes [1D, B9, FD, 07] .text C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 30, 08, FF, 02] .text C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe[4024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe[4024] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 000007fdb8ad4695 5 bytes [b8, 30, 08, EF, 02] .text C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe[4024] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 000007fdb8ad469b 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe[4024] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdb91d177a 4 bytes [1D, B9, FD, 07] .text C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe[4024] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdb91d1782 4 bytes [1D, B9, FD, 07] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, BA, 5A, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, BA, 5A] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, BA, 5A, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, BA, 5A, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, BA, 5A, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, BA, 5A, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, BA, 5A] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, BA, 5A] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, BA, 5A, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, BA, 5A, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe[3304] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, BA, 5A, 00, 00, ...] ---- Modules - GMER 2.1 ---- Module \??\C:\Users\UTILIS~1\AppData\Local\Temp\fwldypob.sys (GMER) fffff8800ae00000-fffff8800ae10000 (65536 bytes) ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1200:5952] 000007fdaff65c38 Thread C:\Windows\system32\svchost.exe [1200:4920] 000007fdad4110f0 Thread C:\Windows\system32\svchost.exe [1980:3340] 000007fda86d1544 Thread C:\Windows\system32\svchost.exe [1980:3348] 000007fda86b55dc Thread C:\Windows\system32\svchost.exe [1980:3988] 000007fda3224910 Thread C:\Windows\system32\svchost.exe [1980:5388] 000007fda3221044 Thread C:\Windows\system32\csrss.exe [4008:4612] fffff960009bf5e8 ---- Processes - GMER 2.1 ---- Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [2024] 000000006c640000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [2024] 0000000066af0000 Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [2024] 0000000060ee0000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Merci encore à tous Franck

Bonjour à tous, Je suis à la recherche de logiciels Espions sur mon ordi, et ai donc utilisé GMER... Mais le résultat est assez Hallucinant. Voici le contenu présent dans l'onglet Rootkit/Malware... Pour info l'ordi a à peine 2 mois... Merci à tous de votre aide ... GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-03-14 12:02:43 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB Running: gmer.exe; Driver: C:\Users\UTILIS~1\AppData\Local\Temp\fwldypob.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E2, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fdb70e12f0 12 bytes [48, B8, 49, 5B, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fdb70fba59 11 bytes [b8, 89, 59, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 89, E5, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E9, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, C9, EA, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fdb70e12f0 12 bytes [48, B8, 49, 5B, 30, 5C, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fdb70fba59 11 bytes [b8, 89, 59, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fdb91d177a 4 bytes [1D, B9, FD, 07] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fdb91d1782 4 bytes [1D, B9, FD, 07] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, C9, E3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[2472] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 30, 08, 16, 02] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2564] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2564] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 1 000007fdb8ad4695 5 bytes [b8, 30, 08, 21, 02] .text C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe[2564] C:\Windows\system32\KERNEL32.DLL!UnhandledExceptionFilter + 7 000007fdb8ad469b 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E9, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, C9, EA, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\wbem\wmiprvse.exe[4976] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNEL32.dll!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E9, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\shell32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...] .text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\system32\taskhost.exe[4776] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNEL32.dll!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E9, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[1992] C:\Windows\system32\shell32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 000007fdb9a32c40 6 bytes [48, B8, 89, C9, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 000007fdb9a32c48 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, E2, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, DE, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, E3, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, E0, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E7, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, DC, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, E5, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, 89, D7, BA, 5A] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, BA, 5A, 00, 00, ...] .text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, BA, 5A] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, BA, 5A, 00, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, BA, 5A, 00, ...] .text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, BA, 5A, 00, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 89, 52, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, C9, 50, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, 65, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 89, 67, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 09, 6B, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, 64, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 49, 54, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, 09, 56, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 49, 69, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, 49, 5B, BA, 5A] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, 89, 4B, BA, 5A, 00, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 89, 59, BA, 5A, 00, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, BA, 5A, 00, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 09, 4F, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 49, 4D, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 49, 46, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 89, 44, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 5E, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, 62, BA, 5A, 00, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 5D, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 89, 6E, BA, 5A, 00, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, BA, 5A, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, 60, BA, 5A, 00, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, BA, 5A, 00, 00, ...] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3] .text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, C9, 49, BA, 5A, 00, ...] ... Y a une suite.... au prochain post...