Hello everyone,

I am looking for spyware on my computer, and so I used GMER... But the result is quite staggering. Here is the content shown in the Rootkit/Malware tab... For information, the computer is barely 2 months old... Thanks to all for your help...

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-14 12:02:43
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003a ST1000LM024_HN-M101MBB rev.2AR20002 931,51GB
Running: gmer.exe; Driver: C:\Users\UTILIS~1\AppData\Local\Temp\fwldypob.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E2, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Windows\System32\svchost.exe[1384] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\Hpservice.exe[1512] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1688] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Windows\System32\spoolsv.exe[1952] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007fdb70e12f0 12 bytes [48, B8, 49, 5B, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fdb70fba59 11 bytes [b8, 89, 59, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe[1680] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2108] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 89, E5, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2132] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E9, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2152] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E9, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[3268] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3984] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[3132] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNEL32.dll!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 09, E9, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, 30, 5C]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, 30, 5C, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\USER32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, 30, 5C, 00, 00, ...]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[4184] C:\Windows\system32\shell32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 09, DB, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, 89, D7, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 49, D9, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, C9, D5, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, DE, 30, 5C]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!closesocket 000007fdb8ce1cd0 10 bytes [48, B8, C9, AB, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!closesocket + 11 000007fdb8ce1cdb 1 byte [C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!recv + 1 000007fdb8ce1f41 11 bytes [b8, C9, CE, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!WSASocketW 000007fdb8ce24d0 12 bytes [48, B8, 09, AA, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!socket + 1 000007fdb8ce2a91 11 bytes [b8, 89, C9, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!send + 1 000007fdb8ce3051 11 bytes [b8, 49, A8, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fdb8ce3930 12 bytes [48, B8, 09, 95, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, 09, 5D, 30, 5C, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fdb8cee910 7 bytes [48, B8, C9, 96, 30, 5C, 00]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fdb8cee919 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fdb8cf2e81 11 bytes [b8, 89, AD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fdb8cf3141 11 bytes [b8, 89, D0, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[5348] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fdb8cf76e1 11 bytes [b8, 09, CD, 30, 5C, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, 30, 5C]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[4776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, 30, 5C]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, BA, 5A]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, BA, 5A]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, BA, 5A]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, BA, 5A]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, BA, 5A]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 89, E5, BA, 5A]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, 89, D7, BA, 5A]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, BA, 5A, 00, 00, ...]
.text F:\PC-SOFT\Serveur HyperFileSQL\Manta64.exe[5980] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, 49, AF, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, DC, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 09, E2, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000007fdb9a33130 6 bytes [48, B8, 89, DE, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000007fdb9a33138 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 89, E5, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, DB, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 09, C6, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000007fdb9a34041 6 bytes [48, B8, 09, 72, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000007fdb9a34049 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, C9, C7, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, C9, E3, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, C9, D5, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, C9, 5E, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000007fdb9af3be1 11 bytes [b8, C9, 73, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 09, D4, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNEL32.DLL!Process32NextW 000007fdb8a24814 12 bytes [48, B8, 89, C2, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CloseHandle 000007fdb6b91580 12 bytes [48, B8, 09, 48, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fdb6b928e9 11 bytes [b8, 49, B6, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CreateMutexW + 1 000007fdb6b93411 11 bytes [b8, 49, 46, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fdb6b94541 11 bytes [b8, 09, B8, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fdb6baf590 12 bytes [48, B8, 89, B4, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fdb6baf679 11 bytes [b8, C9, B2, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fdb6bbb6dd 11 bytes [b8, 89, 44, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW + 1 000007fdb6c2b2ed 11 bytes [b8, C9, 6C, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA + 1 000007fdb6c2b30d 11 bytes [b8, 09, 6B, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW 000007fdb6c2bcc0 12 bytes [48, B8, 49, 70, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA 000007fdb6c2bd08 12 bytes [48, B8, 89, 6E, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!PeekMessageW + 1 000007fdb8b510c1 11 bytes [b8, 49, 69, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CallNextHookEx + 1 000007fdb8b51881 11 bytes [b8, 89, 75, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 65, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007fdb8b52120 6 bytes [48, B8, 49, 77, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!UnhookWindowsHookEx + 8 000007fdb8b52128 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, D9, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!PeekMessageA + 1 000007fdb8b55571 11 bytes [b8, 89, 67, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 64, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 49, E7, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowTextW 000007fdb8b57430 12 bytes [48, B8, 89, A6, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!FindWindowW 000007fdb8b5b160 12 bytes [48, B8, 49, BD, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 1 000007fdb8b5c5b1 5 bytes [b8, 89, 98, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateWindowExW + 7 000007fdb8b5c5b7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, D7, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 1 000007fdb8b66261 5 bytes [b8, 49, 9A, BA, 5A]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateWindowExA + 7 000007fdb8b66267 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!FindWindowExW 000007fdb8b685c0 12 bytes [48, B8, 09, BF, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!FindWindowExA + 1 000007fdb8b68aa1 11 bytes [b8, 89, BB, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!CreateDialogIndirectParamAorW + 1 000007fdb8b6da61 11 bytes [b8, C9, 9D, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!DialogBoxIndirectParamAorW + 1 000007fdb8b7b8e1 11 bytes [b8, 89, 9F, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!MessageBoxExW + 1 000007fdb8bc02ed 11 bytes [b8, 09, A3, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!MessageBoxExA + 1 000007fdb8bc0311 11 bytes [b8, 49, A1, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\SYSTEM32\user32.dll!SetWindowTextA + 1 000007fdb8bc8211 11 bytes [b8, C9, A4, BA, 5A, 00, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 49, 62, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 89, 60, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 09, 56, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 49, 54, BA, 5A, 00, ...]
.text C:\Windows\system32\taskhostex.exe[8084] C:\Windows\system32\SHELL32.dll!Shell_NotifyIconW + 1 000007fdb75dd181 11 bytes [b8, 09, 79, BA, 5A, 00, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 89, 52, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fdb9a32ea0 6 bytes [48, B8, C9, 50, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000007fdb9a32ea8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fdb9a32f50 6 bytes [48, B8, C9, 65, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000007fdb9a32f58 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fdb9a32f80 6 bytes [48, B8, 49, 2A, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000007fdb9a32f88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fdb9a32fa0 6 bytes [48, B8, 49, 31, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000007fdb9a32fa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000007fdb9a33030 6 bytes [48, B8, 89, 2F, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000007fdb9a33038 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fdb9a33080 6 bytes [48, B8, 89, 67, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000007fdb9a33088 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000007fdb9a330b0 6 bytes [48, B8, C9, 26, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000007fdb9a330b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fdb9a330c0 6 bytes [48, B8, 49, 23, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000007fdb9a330c8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000007fdb9a331e1 6 bytes [48, B8, 09, 6B, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000007fdb9a331e9 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fdb9a33641 6 bytes [48, B8, 09, 64, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000007fdb9a33649 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000007fdb9a33691 6 bytes [48, B8, 09, 25, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000007fdb9a33699 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fdb9a336f1 6 bytes [48, B8, 89, 21, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000007fdb9a336f9 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fdb9a33ae1 6 bytes [48, B8, 49, 54, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000007fdb9a33ae9 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fdb9a34251 6 bytes [48, B8, 09, 2C, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000007fdb9a34259 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fdb9a34431 6 bytes [48, B8, 09, 56, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000007fdb9a34439 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fdb9a34541 6 bytes [48, B8, 49, 69, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000007fdb9a34549 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fdb9a34651 6 bytes [48, B8, 49, 5B, BA, 5A]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000007fdb9a34659 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 000007fdb9a55bd1 11 bytes [b8, 89, 4B, BA, 5A, 00, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNEL32.DLL!GetStartupInfoA + 1 000007fdb8a1d9bd 11 bytes [b8, 89, 59, BA, 5A, 00, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNEL32.DLL!CreateToolhelp32Snapshot 000007fdb8a24260 12 bytes [48, B8, C9, 34, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNELBASE.dll!CreateProcessInternalW 000007fdb6b9b970 12 bytes [48, B8, 89, 28, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory + 1 000007fdb6bf5c01 11 bytes [b8, 49, 38, BA, 5A, 00, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread 000007fdb6c3720c 12 bytes [48, B8, C9, 1F, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\KERNELBASE.dll!CreateThread 000007fdb6c37250 12 bytes [48, B8, 89, 36, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceW 000007fdb73ad138 12 bytes [48, B8, 09, 4F, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\advapi32.dll!CreateServiceA 000007fdb73ad1c0 12 bytes [48, B8, 49, 4D, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigW 000007fdb73ad350 12 bytes [48, B8, 49, 46, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\SYSTEM32\advapi32.dll!ChangeServiceConfigA 000007fdb73ad3e8 12 bytes [48, B8, 89, 44, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!GetMessageW 000007fdb8b51ed0 12 bytes [48, B8, C9, 5E, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!PostMessageW + 1 000007fdb8b524a1 11 bytes [b8, 49, 62, BA, 5A, 00, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!GetMessageA 000007fdb8b55720 12 bytes [48, B8, 09, 5D, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!UserClientDllInitialize + 1 000007fdb8b557b1 11 bytes [b8, 89, 6E, BA, 5A, 00, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!SetWindowsHookExW 000007fdb8b5bee0 12 bytes [48, B8, 09, 1E, BA, 5A, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!PostMessageA + 1 000007fdb8b65061 11 bytes [b8, 89, 60, BA, 5A, 00, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 1 000007fdb8b81851 8 bytes [b8, 49, 1C, BA, 5A, 00, 00, ...]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\USER32.dll!SetWindowsHookExA + 10 000007fdb8b8185a 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[6912] C:\Windows\system32\WS2_32.dll!connect 000007fdb8ce4940 12 bytes [48, B8, C9, 49, BA, 5A, 00, ...]

 

...

 

There's more... in the next post...

Posted

Here is the rest of the GMER scan posted previously:

 

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000007fdb9a32c60 6 bytes [48, B8, 49, E0, BA, 5A]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000007fdb9a32c68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000007fdb9a32cd0 6 bytes [48, B8, 49, C4, BA, 5A]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000007fdb9a32cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000007fdb9a32da0 6 bytes [48, B8, 09, B1, BA, 5A]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000007fdb9a32da8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fdb9a32e40 6 bytes [48, B8, C9, 2D, BA, 5A]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000007fdb9a32e48 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000007fdb9a32e60 6 bytes [48, B8, C9, 18, BA, 5A]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000007fdb9a32e68 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000007fdb9a32e80 6 bytes [48, B8, 89, 1A, BA, 5A]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[7388] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000007fdb9a32e88 4 bytes [00, 00, 50, C3]

---- Modules - GMER 2.1 ----

Module \??\C:\Users\UTILIS~1\AppData\Local\Temp\fwldypob.sys (GMER) fffff8800ae00000-fffff8800ae10000 (65536 bytes)

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1200:5952] 000007fdaff65c38
Thread C:\Windows\system32\svchost.exe [1200:4920] 000007fdad4110f0
Thread C:\Windows\system32\svchost.exe [1980:3340] 000007fda86d1544
Thread C:\Windows\system32\svchost.exe [1980:3348] 000007fda86b55dc
Thread C:\Windows\system32\svchost.exe [1980:3988] 000007fda3224910
Thread C:\Windows\system32\svchost.exe [1980:5388] 000007fda3221044
Thread C:\Windows\system32\csrss.exe [4008:4612] fffff960009bf5e8
---- Processes - GMER 2.1 ----

Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [2024] 000000006c640000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [2024] 0000000066af0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [2024] 0000000060ee0000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

 

Thanks again to everyone

Franck

Posted

Hello,

It is risky to use a tool you have not mastered.

 


comment-utiliser-malwarebytes-anti-rootkit


The first step before any rootkit removal process must be a backup of all your data.
Depending on the infection, Malwarebytes may make changes to the Master Boot Record and the partition table of your hard drive while cleaning your computer.
Since an incorrect modification of these locations can prevent your computer from booting properly, it is always wise to make a full backup of all your data before performing a rootkit removal.

Download Malwarebytes Anti-Rootkit

Unzip it to the desktop.
Open the folder, right-click mbar.exe and choose Run as administrator.
Update the virus definition database by clicking the Update button.
Follow the wizard's instructions.
Check that the scan targets Drivers, Sectors and System are selected, then click the Scan button.
(screenshot: scan-system.png)
Wait while the scan runs.
This appears:
(screenshot: scan-results.png)
Make sure everything is checked.
Click the Cleanup button to remove all threats, and restart if you are prompted to.
Wait for the system to shut down and for the cleanup process to complete.
Run another scan with Malwarebytes Anti-Rootkit to check that no threats remain.
If any remain, click Cleanup once more and repeat the process.
If no other threats are found, check that the system now works normally by making sure the following are functional:
Internet access
Windows Update
Windows Firewall
If there are additional problems with your system, such as with one of the items above or anything else,
click mbar -> plugin -> "fixdamage",
press the Y key on the keyboard, and the program will make all the necessary corrections.
At the end, a message will say to press any key to exit.
For the changes to take effect, restart the computer.
Then check that the system works normally.
Send as a reply the two run reports created by the tool,
mbar-log-YYYY-MM-DD (hh-mm-ss).txt and system-log.txt, which are located in the mbar folder.

How to post the reports

Go to the site: Ci-Joint
Click Browse and locate the reports on the disk,
click Open,
click Créer le lien CJoint (Create the CJoint link);
on the next page, an address http//.. will be created.
Copy and paste this address into your next message.

  • Moderators
Posted

Hello fbe, and welcome to Zébulon

This is a report that it is not reasonable to post by copy/paste in a Zébulon message. As pear suggests, such reports need to be hosted elsewhere...

Zébulon does not host documents. So the documents you want to attach to your message must be entrusted to a hosting service.

If you have not already done so, save your document to your hard drive.
Then go to the site of a hosting service, for example Cjoint.

(screenshot: zzcj1.jpg)

Click the "Browse" button to locate your document, then click the button shown in zzcj2.jpg.
Finally, retrieve the address of your document,

(screenshot: zzcj3.jpg)

which you copy and paste into your message on the forum.
