| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win7: Fehler 5 u.a. / "Kaputtoptimiert"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.12.2015, 17:10
| #1 |
| /// TB-Schüler  |  Win7: Fehler 5 u.a. / "Kaputtoptimiert" Hallo zusammen  Ich habe bereits längere Zeit probleme mit meinem eigentlich ziemlich neuen und auch recht guten Laptop. Das sind immer wieder Kleinigkeiten, die in der Gesamtsummer aber auffallen und nerven. So bleibt er beispielsweise oft hängen, wird grundlos laut, stürzt ab... Da ich mit Bitdefender eigentlich eine ziemlich gute Anti-Virensoftware habe ging ich gestern/vorgestern dazu über mit Advanced SystemCare 9 und Driver Booster 3 mein System zu optimieren. Seitdem geht so ziemlich gar nichts mehr. Noch öfteres hängen bleiben, Windows updatet nicht mehr, eben ist der Laptop von alleine 3x hintereinander runter und wieder hoch gefahren und jedes Mal wenn ich ein Programm installieren möchte bekomme ich die Meldung "Das Setup konnte den Ordner 'C:\Programm Files\XCZ' nicht erstellen. Fehler 5: Zugriff verweigert" Keine der Tipps aus dem Internet helfen. Gerade durch die Vorgeschichte glaube ich jetzt langsam aber sicher doch an Malware... Hier die geforderten Logs, leider passen hier nicht alle rein, daher hänge ich die letzten an. defogger_disable Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:58 on 05/12/2015 (David)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
durchgeführt von David (Administrator) auf DAVID-PC (05-12-2015 16:00:40)
Gestartet von C:\Users\David\Desktop
Geladene Profile: David (Verfügbare Profile: David)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Validity Sensors, Inc.) C:\Program Files\Lenovo Fingerprint Reader\SwipeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\Spotify.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2822896 2014-11-11] (Synaptics Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-03-12] (Bitdefender)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\Run: [Bitdefender-Geldb�rse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-01-15] (Bitdefender)
HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50137728 2015-11-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2010912 2015-11-06] (IObit)
HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
IFEO\BugReporter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\CyberGhost.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\InstallHelper.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\InstallHelper64.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\maintenanceservice.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\makecert.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\ManifestTool.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\Service.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\VACon64.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\vpnagent.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\vpncli.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\vpndownloader.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\vpnui.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
IFEO\wyUpdate.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare\AutoReactivator.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2015-12-05] ()
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2817433B-2456-44EE-9A7E-29889112B518}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Keine Datei
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Keine Datei
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000 -> Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-01-28] (Bitdefender)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-03-14] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\8umi2l9n.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: hxxp://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-14] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-03-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\8umi2l9n.default\user.js [2015-12-04]
FF Extension: BetterPrivacy - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\8umi2l9n.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-11-29]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\8umi2l9n.default\extensions\ascsurfingprotection@iobit.com [2015-12-04] [ist nicht signiert]
FF Extension: Kein Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [nicht gefunden]
FF Extension: Ghostery - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\8umi2l9n.default\Extensions\firefox@ghostery.com.xpi [2015-11-05]
FF Extension: Private Tab - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\8umi2l9n.default\Extensions\privateTab@infocatcher.xpi [2015-10-26]
FF Extension: Adblock Edge - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\8umi2l9n.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-12-05]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-04-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-04-01] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
Chrome:
=======
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-02]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-02]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-02]
CHR Extension: (Google-Suche) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-02]
CHR Extension: (Bitdefender Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-12-02]
CHR Extension: (Google Tabellen) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-02]
CHR Extension: (Google Mail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-02]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [827680 2015-11-04] (IObit)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2015-12-02] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-07-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 ValBioService; C:\Program Files\Lenovo Fingerprint Reader\ValBioService.exe [22872 2014-07-21] (Validity Sensors, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49040 2014-07-21] (Synaptics Incorporated)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-03-16] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-01-14] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [262544 2015-01-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-01-14] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-12-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-01-09] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [502256 2015-12-02] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-02-24] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-02] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-12-02] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-12-02] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [4011760 2015-12-02] (Intel Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
S3 RtlvVga; C:\Windows\System32\DRIVERS\RtlvVga.sys [11920 2014-03-18] (Realtek Semiconductor Corporation )
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [752856 2015-12-02] (Realsil Semiconductor Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32936 2015-12-02] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1070080 2013-12-31] (Vimicro Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-02-19] (Cisco Systems, Inc.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-05 16:00 - 2015-12-05 16:01 - 00024058 _____ C:\Users\David\Desktop\FRST.txt
2015-12-05 16:00 - 2015-12-05 16:00 - 00000000 ____D C:\FRST
2015-12-05 15:59 - 2015-12-05 15:59 - 02369024 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
2015-12-05 15:57 - 2015-12-05 15:57 - 00000000 _____ C:\Users\David\defogger_reenable
2015-12-05 15:56 - 2015-12-05 15:56 - 00050477 _____ C:\Users\David\Desktop\Defogger.exe
2015-12-05 14:57 - 2015-12-05 14:59 - 00000000 ___RD C:\Temp1
2015-12-05 14:30 - 2015-12-05 14:30 - 00001177 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2015-12-05 14:30 - 2015-12-05 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2015-12-05 14:15 - 2015-12-05 14:15 - 00003328 ____N C:\bootsqm.dat
2015-12-04 10:39 - 2015-12-04 10:39 - 00000000 ____D C:\Users\David\AppData\Local\Daedalic Entertainment
2015-12-04 10:35 - 2015-12-04 10:35 - 00000202 _____ C:\Users\David\Desktop\Deponia Demo.url
2015-12-04 01:33 - 2015-12-04 01:33 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-12-04 01:33 - 2015-12-04 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage
2015-12-03 23:55 - 2015-12-03 23:55 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-03 23:55 - 2015-12-03 23:55 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-03 23:55 - 2015-12-03 23:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-03 23:55 - 2015-12-03 23:55 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-03 23:55 - 2015-12-03 23:55 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-03 23:55 - 2015-12-03 23:55 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-03 23:55 - 2015-12-03 23:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-03 23:55 - 2015-12-03 23:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-03 23:55 - 2015-12-03 23:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-03 23:55 - 2015-12-03 23:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-03 23:54 - 2015-12-03 23:54 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-03 23:52 - 2015-12-03 23:52 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-03 23:52 - 2015-12-03 23:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-03 23:52 - 2015-12-03 23:52 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-03 23:52 - 2015-12-03 23:52 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-03 23:52 - 2015-12-03 23:52 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-03 23:52 - 2015-12-03 23:52 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-03 23:52 - 2015-12-03 23:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-03 23:52 - 2015-12-03 23:52 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-03 23:52 - 2015-12-03 23:52 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-03 23:52 - 2015-12-03 23:52 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-03 23:52 - 2015-12-03 23:52 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-03 23:52 - 2015-12-03 23:52 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-03 23:52 - 2015-12-03 23:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-12-03 23:51 - 2015-12-03 23:51 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-12-03 23:51 - 2015-12-03 23:51 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-12-03 23:51 - 2015-12-03 23:51 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-12-03 23:51 - 2015-12-03 23:51 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-12-03 23:51 - 2015-12-03 23:51 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-12-03 23:51 - 2015-12-03 23:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-12-03 23:51 - 2015-12-03 23:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-12-03 23:50 - 2015-12-03 23:50 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-12-03 23:50 - 2015-12-03 23:50 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-12-03 23:50 - 2015-12-03 23:50 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-12-03 23:48 - 2015-12-03 23:48 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-12-03 23:48 - 2015-12-03 23:48 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-12-03 23:48 - 2015-12-03 23:48 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-12-03 23:47 - 2015-12-03 23:47 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-12-03 23:47 - 2015-12-03 23:47 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-12-03 23:47 - 2015-12-03 23:47 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-12-03 23:47 - 2015-12-03 23:47 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-12-03 23:47 - 2015-12-03 23:47 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-12-03 23:47 - 2015-12-03 23:47 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-12-03 23:47 - 2015-12-03 23:47 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-12-03 23:47 - 2015-12-03 23:47 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-12-03 23:47 - 2015-12-03 23:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-12-03 23:47 - 2015-12-03 23:47 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-03 23:46 - 2015-12-03 23:46 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-03 23:46 - 2015-12-03 23:46 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-12-03 23:46 - 2015-12-03 23:46 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-12-03 23:46 - 2015-12-03 23:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-12-03 23:46 - 2015-12-03 23:46 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-03 23:46 - 2015-12-03 23:46 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-03 23:45 - 2015-12-03 23:45 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-12-03 23:45 - 2015-12-03 23:45 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-12-03 23:45 - 2015-12-03 23:45 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-12-03 23:45 - 2015-12-03 23:45 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-12-03 23:44 - 2015-12-03 23:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-12-03 23:44 - 2015-12-03 23:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-12-02 15:49 - 2015-12-02 15:49 - 00003184 _____ C:\Windows\System32\Tasks\SmartDefrag4_Startup
2015-12-02 15:49 - 2015-12-02 15:49 - 00003182 _____ C:\Windows\System32\Tasks\SmartDefrag4_Update
2015-12-02 15:49 - 2015-12-02 15:49 - 00001174 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-12-02 15:49 - 2015-12-02 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-12-02 15:49 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\SysWOW64\IObitSmartDefragExtension.dll
2015-12-02 15:49 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-12-02 15:49 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-12-02 15:49 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2015-12-02 15:47 - 2015-12-02 15:47 - 44236800 _____ C:\Windows\system32\config\COMPONENTS.iobit
2015-12-02 15:36 - 2015-12-02 15:36 - 87769088 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-12-02 15:36 - 2015-12-02 15:36 - 00258048 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-12-02 15:36 - 2015-12-02 15:36 - 00028672 _____ C:\Windows\system32\config\SECURITY.iobit
2015-12-02 15:36 - 2015-12-02 15:36 - 00024576 _____ C:\Windows\system32\config\SAM.iobit
2015-12-02 15:30 - 2015-12-02 15:30 - 10129672 _____ C:\Windows\system32\Drivers\Netwfw02.dat
2015-12-02 15:30 - 2015-12-02 15:30 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2015-12-02 15:30 - 2015-12-02 15:30 - 04011760 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwsw02.sys
2015-12-02 15:30 - 2015-12-02 15:30 - 00752856 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys
2015-12-02 15:30 - 2015-12-02 15:30 - 00502256 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys
2015-12-02 15:30 - 2015-12-02 15:30 - 00125728 _____ (Intel Corporation) C:\Windows\system32\NicCo4.dll
2015-12-02 15:30 - 2015-12-02 15:30 - 00090608 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
2015-12-02 15:30 - 2015-12-02 15:30 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2015-12-02 15:30 - 2015-12-02 15:30 - 00073512 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
2015-12-02 15:30 - 2015-12-02 15:30 - 00003130 _____ C:\Windows\system32\e1d62x64.din
2015-12-02 15:30 - 2015-12-02 15:30 - 00000000 ____D C:\Windows\SysWOW64\sda
2015-12-02 15:29 - 2015-12-02 15:29 - 01455552 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-12-02 15:29 - 2015-12-02 15:29 - 00031144 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys
2015-12-02 15:28 - 2015-12-02 15:28 - 27022520 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 26190816 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 25730400 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 23048704 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 18032640 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 08176128 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 06434816 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 04342600 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 04339016 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 03789824 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-12-02 15:28 - 2015-12-02 15:28 - 03657984 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 02019840 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 01753088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 01675264 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 01554944 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 01137080 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 01132960 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00929608 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 00734208 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00543560 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 00543048 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 00433560 _____ C:\Windows\system32\igdmd64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00392520 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 00392008 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 00373248 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00348088 _____ C:\Windows\SysWOW64\igdmd32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00330240 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00320512 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00291328 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00278344 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 00265216 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00254976 _____ C:\Windows\system32\igfxCPL.cpl
2015-12-02 15:28 - 2015-12-02 15:28 - 00223744 _____ C:\Windows\system32\igdde64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00218808 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00212992 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00190792 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 00187408 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00187348 _____ C:\Windows\system32\resTHA.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00183808 _____ C:\Windows\SysWOW64\igdde32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00183800 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3574.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00180164 _____ C:\Windows\system32\resELL.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00176020 _____ C:\Windows\system32\resRUS.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00161876 _____ C:\Windows\system32\resARA.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00161332 _____ C:\Windows\system32\resHEB.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00161268 _____ C:\Windows\system32\resJPN.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00160256 _____ C:\Windows\system32\igdail64.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00158032 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00156692 _____ C:\Windows\system32\resFRA.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00156676 _____ C:\Windows\system32\resHUN.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00155136 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00154980 _____ C:\Windows\system32\resKOR.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00154884 _____ C:\Windows\system32\resITA.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00154884 _____ C:\Windows\system32\resDEU.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00154724 _____ C:\Windows\system32\resROM.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00154612 _____ C:\Windows\system32\resESN.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00154180 _____ C:\Windows\system32\resPLK.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00154036 _____ C:\Windows\system32\resSKY.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00153844 _____ C:\Windows\system32\resNLD.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00153284 _____ C:\Windows\system32\resPTB.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00153140 _____ C:\Windows\system32\resTRK.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00153108 _____ C:\Windows\system32\resCSY.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00152980 _____ C:\Windows\system32\resPTG.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00152564 _____ C:\Windows\system32\resFIN.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00152392 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-12-02 15:28 - 2015-12-02 15:28 - 00152132 _____ C:\Windows\system32\resHRV.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00151684 _____ C:\Windows\system32\resSVE.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00151508 _____ C:\Windows\system32\resSLV.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00150580 _____ C:\Windows\system32\resNOR.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00150068 _____ C:\Windows\system32\resDAN.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00148756 _____ C:\Windows\system32\resENU.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00146980 _____ C:\Windows\system32\resCHT.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00146148 _____ C:\Windows\system32\resCHS.cui
2015-12-02 15:28 - 2015-12-02 15:28 - 00142848 _____ C:\Windows\SysWOW64\igdail32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00070144 _____ C:\Windows\system32\igfxCUIServicePS.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00057856 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00031408 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00010240 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2015-12-02 15:28 - 2015-12-02 15:28 - 00002568 _____ C:\Windows\system32\iglhxs64.vp
2015-12-02 15:27 - 2015-12-02 15:27 - 00179456 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2015-12-02 15:27 - 2015-12-02 15:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-12-02 15:26 - 2015-12-02 15:26 - 00032936 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-12-02 15:21 - 2015-12-05 14:30 - 00000000 ____D C:\ProgramData\ProductData
2015-12-02 15:21 - 2015-12-04 00:13 - 00002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_David
2015-12-02 15:21 - 2015-12-04 00:06 - 00003180 _____ C:\Windows\System32\Tasks\ASC9_PerformanceMonitor
2015-12-02 15:21 - 2015-12-04 00:06 - 00002868 _____ C:\Windows\System32\Tasks\ASC9_SkipUac_David
2015-12-02 15:21 - 2015-12-04 00:06 - 00002260 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2015-12-02 15:21 - 2015-12-04 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2015-12-02 15:21 - 2015-12-02 15:22 - 00000000 ____D C:\Users\David\AppData\Roaming\ProductData
2015-12-02 15:21 - 2015-12-02 15:21 - 00001370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2015-12-02 15:21 - 2015-12-02 15:21 - 00001358 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-12-02 15:21 - 2015-12-02 15:21 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-12-02 15:21 - 2015-12-02 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2015-12-02 15:21 - 2015-12-02 15:21 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2015-12-02 15:20 - 2015-12-05 14:30 - 00000000 ____D C:\Users\David\AppData\Roaming\IObit
2015-12-02 15:20 - 2015-12-05 14:30 - 00000000 ____D C:\ProgramData\IObit
2015-12-02 15:20 - 2015-12-05 14:30 - 00000000 ____D C:\Program Files (x86)\IObit
2015-12-02 15:20 - 2015-12-03 23:42 - 00002168 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2015-12-02 15:20 - 2015-12-03 23:41 - 00003242 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2015-12-02 15:20 - 2015-12-03 23:41 - 00002874 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (David)
2015-12-02 15:20 - 2015-12-02 15:21 - 00000000 ____D C:\Users\David\AppData\LocalLow\IObit
2015-12-02 15:20 - 2015-12-02 15:20 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-12-02 15:20 - 2015-12-02 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2015-12-02 15:16 - 2015-12-05 14:16 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 15:16 - 2015-12-05 14:16 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 15:16 - 2015-12-04 00:49 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 15:16 - 2015-12-04 00:49 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 15:16 - 2015-12-03 20:03 - 00000000 ____D C:\Users\David\AppData\Local\Google
2015-12-02 15:16 - 2015-12-02 15:16 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-02 15:16 - 2015-12-02 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-02 15:16 - 2015-12-02 15:16 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-01 22:49 - 2015-12-01 22:58 - 00005285 _____ C:\Users\David\Desktop\smileys_in.rar
2015-12-01 22:48 - 2015-12-01 22:57 - 00000000 ____D C:\Users\David\Desktop\smileys_in
2015-12-01 21:43 - 2015-12-01 21:43 - 00000000 ____D C:\Users\David\Desktop\ö
2015-12-01 13:52 - 2015-12-01 13:52 - 00000000 ____D C:\Users\David\AppData\Local\TempTaskUpdateDetectionF86EDC80-F68E-4C42-9F6B-A3E81CD6AAAD
2015-11-30 16:00 - 2015-11-30 16:01 - 00000000 ____D C:\Users\David\AppData\Roaming\Trillian
2015-11-30 16:00 - 2015-11-30 16:00 - 00001113 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
2015-11-30 16:00 - 2015-11-30 16:00 - 00001083 _____ C:\Users\David\Desktop\Trillian.lnk
2015-11-30 15:59 - 2015-11-30 16:00 - 00000000 ____D C:\Program Files (x86)\Trillian
2015-11-30 15:15 - 2015-11-30 16:06 - 00000000 ____D C:\Users\David\AppData\Roaming\ICQM
2015-11-30 15:15 - 2015-11-30 15:17 - 00000000 ____D C:\Users\David\AppData\Roaming\ICQ-Profile
2015-11-30 15:15 - 2015-11-30 15:15 - 00001802 _____ C:\Users\David\Desktop\ICQ.lnk
2015-11-30 15:15 - 2015-11-30 15:15 - 00001660 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2015-11-30 15:15 - 2015-11-30 15:15 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-11-29 23:19 - 2015-11-29 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-29 23:19 - 2015-11-29 23:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-11-29 23:19 - 2015-11-29 23:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-11-29 16:20 - 2015-11-29 16:23 - 00000000 ____D C:\Users\David\AppData\Roaming\PhotoFiltre 7
2015-11-29 16:20 - 2015-11-29 16:23 - 00000000 ____D C:\Program Files (x86)\PhotoFiltre 7
2015-11-29 16:20 - 2015-11-29 16:20 - 00001066 _____ C:\Users\David\Desktop\PhotoFiltre 7.lnk
2015-11-29 16:20 - 2015-11-29 16:20 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2015-11-29 16:20 - 2015-11-29 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2015-11-29 16:18 - 2015-11-29 16:18 - 00001360 _____ C:\Users\David\AppData\Local\recently-used.xbel
2015-11-24 23:07 - 2015-11-24 23:07 - 00010820 _____ C:\Users\David\Desktop\Jobseiten.xlsx
2015-11-23 02:54 - 2015-11-23 02:54 - 00080700 _____ C:\Users\David\Desktop\Hausklausur **** ****.pdf
2015-11-17 16:28 - 2015-11-17 16:28 - 00041436 _____ C:\Users\David\Desktop\Immatrikulationsnachweis.pdf
2015-11-17 16:25 - 2015-11-17 16:25 - 00798821 _____ C:\Users\David\Desktop\Immatrikulationsbescheinigung-2015WS.pdf
2015-11-15 21:34 - 2015-11-26 02:22 - 00000000 ____D C:\Users\David\Documents\Die Kunst des Mordens – Der Marionettenspieler DE
2015-11-15 21:31 - 2015-11-15 21:31 - 00002447 _____ C:\Users\David\Desktop\Die Kunst des Mordens – Der Marionettenspieler.lnk
2015-11-15 21:31 - 2015-11-15 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2015-11-15 21:21 - 2015-11-15 21:21 - 00000000 ____D C:\Program Files (x86)\City Interactive
2015-11-10 16:03 - 2015-11-10 16:04 - 00000000 ____D C:\Users\David\Documents\My Digital Editions
2015-11-10 16:03 - 2015-11-10 16:03 - 00002188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 3.0.lnk
2015-11-10 16:03 - 2015-11-10 16:03 - 00002176 _____ C:\Users\Public\Desktop\Adobe Digital Editions 3.0.lnk
2015-11-10 16:03 - 2015-11-10 16:03 - 00000000 ____D C:\Users\David\AppData\Local\Adobe_Systems_Incorporate
2015-11-10 16:03 - 2015-11-10 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-11-10 15:05 - 2015-11-10 15:06 - 00000911 _____ C:\Users\Public\Desktop\MPU.lnk
2015-11-10 15:05 - 2015-11-10 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPU
2015-11-10 15:05 - 2015-11-10 15:06 - 00000000 ____D C:\Program Files (x86)\MPU
2015-11-08 17:50 - 2015-11-14 13:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-05 22:03 - 2015-11-05 22:03 - 00000000 ____D C:\Users\David\AppData\Roaming\WinRAR
2015-11-05 22:03 - 2015-11-05 22:03 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-05 22:03 - 2015-11-05 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-05 22:03 - 2015-11-05 22:03 - 00000000 ____D C:\Program Files (x86)\WinRAR
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-12-05 16:00 - 2015-02-17 13:29 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify
2015-12-05 16:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-05 15:57 - 2015-02-13 15:20 - 00000000 ____D C:\Users\David
2015-12-05 15:51 - 2015-10-26 00:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-05 15:50 - 2015-02-17 13:29 - 00000000 ____D C:\Users\David\AppData\Local\Spotify
2015-12-05 15:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-05 14:27 - 2015-10-25 12:42 - 00000000 ____D C:\Users\David\Desktop\ESS
2015-12-05 14:26 - 2015-02-15 18:11 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-12-05 14:26 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-05 14:26 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-05 14:22 - 2011-04-12 08:43 - 00699238 _____ C:\Windows\system32\perfh007.dat
2015-12-05 14:22 - 2011-04-12 08:43 - 00149346 _____ C:\Windows\system32\perfc007.dat
2015-12-05 14:22 - 2009-07-14 06:13 - 01618856 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-05 14:19 - 2015-02-15 18:45 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2015-12-05 14:18 - 2015-02-15 15:16 - 00000000 ____D C:\ProgramData\Validity
2015-12-05 14:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-05 14:17 - 2015-02-13 19:24 - 00106029 _____ C:\bdlog.txt
2015-12-05 14:16 - 2009-07-14 05:45 - 00436784 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-05 14:13 - 2011-04-12 08:55 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-04 10:35 - 2015-02-15 20:41 - 00000000 ____D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-04 01:33 - 2015-02-15 15:20 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-12-04 01:33 - 2015-02-15 15:00 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-12-04 01:32 - 2015-02-15 15:20 - 00000000 ____D C:\Windows\Downloaded Installations
2015-12-04 00:58 - 2015-04-14 15:25 - 00000000 ____D C:\Users\David\AppData\OICE_15_974FA576_32C1D314_34A
2015-12-04 00:20 - 2009-07-14 05:54 - 00000749 ___RH C:\Windows\WindowsShell.Manifest
2015-12-04 00:20 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-03 23:53 - 2015-02-13 18:45 - 01592784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-03 23:36 - 2015-02-13 15:40 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-02 15:42 - 2015-02-13 23:06 - 00000000 ____D C:\Windows\Panther
2015-12-02 15:32 - 2015-02-15 15:26 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-02 15:32 - 2015-02-15 15:26 - 00000000 __SHD C:\Users\David\IntelGraphicsProfiles
2015-12-02 15:31 - 2015-10-26 00:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-02 15:31 - 2015-02-15 18:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-02 15:31 - 2015-02-15 18:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-02 15:28 - 2015-02-15 15:07 - 27392320 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2015-12-02 15:28 - 2015-02-15 15:07 - 04589640 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2015-12-02 15:28 - 2015-02-15 15:07 - 00655360 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2015-12-02 15:28 - 2015-02-15 15:07 - 00501064 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2015-12-02 15:28 - 2015-02-15 15:07 - 00443208 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2015-12-02 15:28 - 2015-02-15 15:07 - 00314696 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2015-12-02 15:28 - 2015-02-15 15:07 - 00267264 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2015-12-02 15:28 - 2015-02-15 15:07 - 00249856 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2015-12-02 15:28 - 2015-02-15 15:07 - 00243528 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2015-12-02 15:21 - 2015-02-23 01:18 - 00000000 ____D C:\Users\David\AppData\Roaming\Apple Computer
2015-12-02 12:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-01 18:07 - 2015-02-19 21:13 - 00000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2015-11-29 21:41 - 2015-02-15 15:20 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2015-11-29 16:38 - 2015-08-07 15:40 - 00000000 ____D C:\Users\David\.gimp-2.8
2015-11-29 16:18 - 2015-08-07 15:54 - 00000000 ____D C:\Users\David\AppData\Local\gtk-2.0
2015-11-27 07:42 - 2015-03-14 14:33 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-27 07:42 - 2015-03-14 14:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-26 00:00 - 2015-05-13 13:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 16:07 - 2015-02-15 18:45 - 00000000 ____D C:\ProgramData\Skype
2015-11-21 09:06 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-11-15 21:26 - 2015-04-01 01:51 - 00000000 ____D C:\Users\David\AppData\Roaming\vlc
2015-11-14 13:36 - 2015-02-15 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-12 15:57 - 2015-02-15 21:27 - 00000000 ____D C:\Users\David\Documents\My Games
2015-11-10 16:03 - 2015-02-15 15:20 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-05 22:04 - 2015-09-29 19:42 - 00000000 ____D C:\Users\David\Desktop\BAFÖG
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-11-29 16:18 - 2015-11-29 16:18 - 0001360 _____ () C:\Users\David\AppData\Local\recently-used.xbel
2015-08-06 21:08 - 2015-08-06 21:08 - 0723695 _____ () C:\ProgramData\1438891236.bdinstall.bin
2015-02-15 14:48 - 2015-02-15 14:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-30 00:58
==================== Ende von FRST.txt ============================
Grüße, Tseet |
|
05.12.2015, 18:48
| #2 |
| /// the machine /// TB-Ausbilder    | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
05.12.2015, 18:57
| #3 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Okay, entschuldige bitte!
__________________Addition Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-12-2015
durchgeführt von David (2015-12-05 16:01:37)
Gestartet von C:\Users\David\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-02-13 14:20:20)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1911313962-1889918886-1752542047-500 - Administrator - Disabled)
David (S-1-5-21-1911313962-1889918886-1752542047-1000 - Administrator - Enabled) => C:\Users\David
Gast (S-1-5-21-1911313962-1889918886-1752542047-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1911313962-1889918886-1752542047-1004 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.0.3 - IObit)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.34.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.34.0 - Alcor Micro Corp.) Hidden
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - )
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.22.0.1521 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.07021 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.07021 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Deponia Demo (HKLM-x32\...\Steam App 217830) (Version: - Daedalic Entertainment)
Die Kunst des Mordens – Der Marionettenspieler (0.2.15.9637) (HKLM-x32\...\Die Kunst des Mordens – Der Marionettenspieler_is1) (Version: - City Interactive)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)
Free Video to JPG Converter version 5.0.58.324 (HKLM-x32\...\Free Video to JPG Converter_is1) (Version: 5.0.58.324 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
ICQ 8.4 (build 7786) (HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\ICQ) (Version: 8.4.7786.0 - ICQ)
Integrated Camera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 5.14.225.3 - Vimicro)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.13.1402 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.20 - IObit)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Lenovo Fingerprint Manager (HKLM\...\{1E36FF16-8B0B-4399-99D6-A33EE7D48EDC}) (Version: 4.5.266.0 - Synaptics)
Lenovo Fingerprint Manager (HKLM\...\{F7AB2C19-6A27-4C75-A92A-8CC7C59E5FA2}) (Version: 4.5.266.0 - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Message Center Plus (HKLM\...\{C2C2DB64-1BCE-4FA7-962D-457795ECCEC0}) (Version: 3.3.0004.00 - Lenovo Group Limited)
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4771.1004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MPU (HKLM-x32\...\{3A556984-06AF-4BBC-A515-EECC1AD19890}) (Version: 1.0.1 - eifel-online GbR)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Passbild-Generator v4.0b (HKLM-x32\...\Passbild-Generator_is1) (Version: - Passbild-Generator)
PDF24 Creator 7.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoFiltre 7 (HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\PhotoFiltre 7) (Version: - )
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Spotify (HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\Spotify) (Version: 1.0.19.106.gb8a7150f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.3 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.99 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.21 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Wiederherstellungspunkte =========================
02-12-2015 15:24:51 Driver Booster : Canon MG2500 series
03-12-2015 23:35:51 Driver Booster : Adobe AIR
03-12-2015 23:36:01 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
03-12-2015 23:43:44 Windows Modules Installer
04-12-2015 01:33:05 Installed Message Center Plus.
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2015-12-04 00:28 - 00000872 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0E2D2F00-931E-438D-A27D-6D2D11C7C372} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-03-09] (Lenovo)
Task: {142E750E-C5F8-4904-BBCD-12BE8AECAA96} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation)
Task: {2F64B6BA-7CC7-4FF0-B390-9EA4F8BACB31} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {3D24724C-2100-4241-9069-559F36BCFCA5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {511A163A-8342-49FE-9A98-C59475899EB3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {663FE581-8A48-4746-976F-5A2C69631B7D} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {7353F5BA-7261-44C0-ABDF-6C9B370E0733} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {740C0101-1656-415F-B967-589A5A554483} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {793201B7-7437-4604-A3F2-301F7F1F1144} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {7C6EE934-FFB3-4D8B-9704-5BD0A2AEC225} - System32\Tasks\Uninstaller_SkipUac_David => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-11-18] (IObit)
Task: {82527A0D-77F2-47EC-A425-440D3C123CBB} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-11-23] (IObit)
Task: {8D518F64-EBF5-4110-A5E2-AFA715EA6C78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-02] (Adobe Systems Incorporated)
Task: {94D9A2D8-E1B7-492C-8C7E-67A3B542B892} - System32\Tasks\Driver Booster SkipUAC (David) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-11-27] (IObit)
Task: {96EC8AA8-232E-4F30-8568-43F499AE0E11} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {991D8E1C-1BCB-437A-9458-0BE6BA177AF9} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
Task: {A420E151-E9B0-4378-9783-00ACB6C9BE74} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {ADC32BD3-F136-45DC-8456-143A76A0E101} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2015-12-04] (IObit)
Task: {AE1BD5D4-9BA0-4B78-9CFB-39F719ABA90D} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {C647AEDC-7470-49B8-BE18-C05267B6DB45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {C8777898-A62C-4D3F-9385-9F0250903369} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {E2A57FC4-2A93-475D-9717-115CFB7C26A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-02] (Google Inc.)
Task: {E36F0E30-774F-4A0E-BACB-4CC2E523CA90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-02] (Google Inc.)
Task: {E78601DE-6541-48AF-9FC6-AF00ABAD3E83} - System32\Tasks\ASC9_SkipUac_David => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2015-11-10] (IObit)
Task: {EA161798-CBE0-436E-9A7B-26C8CA4BFA7E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {F4CDD8CC-C7A1-456B-BBDF-635F9B9561F2} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [2015-08-06] (Bitdefender)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-08-06 21:07 - 2014-08-27 15:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-08-06 21:07 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-08-06 21:07 - 2015-04-01 17:05 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-08-06 21:07 - 2012-10-29 13:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-12-03 19:47 - 2015-12-03 19:47 - 00876888 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01250_007\ashttpbr.mdl
2015-12-03 19:47 - 2015-12-03 19:47 - 00742976 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01250_007\ashttpdsp.mdl
2015-12-03 19:47 - 2015-12-03 19:47 - 02803536 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01250_007\ashttpph.mdl
2015-12-03 19:47 - 2015-12-03 19:47 - 01415584 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01250_007\ashttprbl.mdl
2015-03-14 14:30 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-02 15:21 - 2015-08-19 10:57 - 00712992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
2015-02-15 15:05 - 2013-07-16 15:39 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-12-02 15:21 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2015-12-02 15:21 - 2015-07-14 15:28 - 01286432 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\Scan.dll
2015-12-02 15:21 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2015-12-05 14:30 - 2015-01-09 18:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll
2015-12-05 14:30 - 2015-03-27 15:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2015-12-05 14:30 - 2015-01-09 18:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2015-12-05 14:30 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2015-12-02 15:21 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-12-02 15:21 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-12-02 15:21 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-12-02 15:21 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2015-12-02 15:21 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2015-12-02 15:21 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2015-03-14 10:03 - 2015-12-01 04:51 - 50679920 _____ () C:\Users\David\AppData\Roaming\Spotify\libcef.dll
2015-03-14 10:03 - 2015-12-01 04:51 - 01882224 _____ () C:\Users\David\AppData\Roaming\Spotify\libglesv2.dll
2015-03-14 10:03 - 2015-12-01 04:51 - 00082544 _____ () C:\Users\David\AppData\Roaming\Spotify\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\David\Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\David\Desktop\FRST64.exe:BDU
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\...\100sexlinks.com -> 100sexlinks.com
Da befinden sich 4788 mehr Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1911313962-1889918886-1752542047-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{A81BE579-917C-4F53-9B73-2EC0802E70F2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{23ECF992-EC21-4EF9-8CC3-EA17C36A2BFF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CCBA4B60-5245-4752-B41B-48E2A9DD8683}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECC14478-3354-4003-B2C8-39A865AA4C1E}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{0B2FC994-78A5-4338-B02C-6E1BD65B14E6}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{E688EE0F-F8EB-4035-8E83-F416C81116AB}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{14C24A9B-CC58-4CE2-83C5-66EEBDC602A0}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{DBA39093-E51A-4DAA-9F34-A729C5D2D2F0}] => (Allow) E:\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{0791420D-1E85-47F9-B670-B61AAA8A1230}] => (Allow) E:\Steam\steamapps\common\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{8EBBFA6F-2873-4FA5-9F24-18B469378781}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{96FA9E35-89A7-4B2D-804E-A10ECE2C6265}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04637997-44F9-486A-9B1E-E6A3C85A8DCB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBF8E981-F0BF-4609-8730-62B65BD1B805}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4FFEF555-8BDC-4AD9-B2ED-845FA753B981}] => (Allow) E:\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{31141118-1D6C-4088-A140-5C203F852911}] => (Allow) E:\Steam\steamapps\common\SimCity 4 Deluxe\Apps\SimCity 4.exe
FirewallRules: [{5D59E60C-07B9-4720-8FF8-422C4DDB28F8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F42DE304-8C0B-418F-997F-F3DF52BAA8D6}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{F53DB53B-3222-4683-99F6-821BB56FA667}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{0DB5168C-E8C0-4F2F-864A-AB6C167A6BCB}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{41B7E842-3B53-4AA1-A686-1C4D9CC1AD4D}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{CDD6FCFB-5F42-4FBB-BE7D-FD6323D1AE06}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [{A90F0252-1129-4111-9F47-BDD4CE8F1660}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [TCP Query User{F1AC011D-8BF7-4810-B999-4B5491D4DAC0}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{61B53ACA-5241-44C1-AB4E-4B2559D35C44}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [{39F1EA44-A8F2-4BAE-8DF5-97C6991DCFBE}] => (Allow) E:\iTunes.exe
FirewallRules: [{DEDCAC26-2DFB-47DD-85F1-296D9B10C8CB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{69E293F6-9CFF-414C-B761-0133113A8A69}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D55C48D0-F880-4E88-92DC-046E2A895D31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AF0FE2FA-F2C1-4F81-A50C-7EB3DBAAE077}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E76F758A-FC76-400B-8FA3-8E977597996B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9232D5AD-D978-451C-B063-F362CF72C249}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F440F129-66D1-4FC7-A64B-FCEBB62B05C2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B867A863-CE69-422C-961B-5A2BED38FB6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FF36B559-E3D3-43B7-BA28-09E1E9A3565E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{09F2872F-FAF4-4DAF-9EEE-043EB8FB08E6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{B97FABCC-CABD-4A37-94CC-D6CCC710969F}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{44D21CC4-6131-4F74-999F-A6D22BCD5CBC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{42C6A893-A31B-4D2B-8679-8F9BFD75FB01}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{FEFED02C-7A23-49D2-8226-F7F1C583AA89}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{0D5E4D5F-E5E7-45CE-A75E-BC6F66C1C5D1}] => (Allow) E:\Steam\steamapps\common\Deponia Demo\deponia.exe
FirewallRules: [{A8D01D9A-AB09-43BB-8C8E-04478FE91CFF}] => (Allow) E:\Steam\steamapps\common\Deponia Demo\deponia.exe
FirewallRules: [{7528F2D0-2931-4818-9EE2-824674F35048}] => (Allow) E:\Steam\steamapps\common\Deponia Demo\VisionaireConfigurationTool.exe
FirewallRules: [{3E42754C-10FB-4540-87FD-E422B4B51FEB}] => (Allow) E:\Steam\steamapps\common\Deponia Demo\VisionaireConfigurationTool.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (12/05/2015 02:19:03 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1860) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\David\AppData\Local\Microsoft\Windows\WebCache\V01.log.
Error: (12/05/2015 02:18:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2015 02:17:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2015 02:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2015 09:39:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7082
Error: (12/05/2015 09:39:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7082
Error: (12/05/2015 09:39:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/05/2015 09:39:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084
Error: (12/05/2015 09:39:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084
Error: (12/05/2015 09:39:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Systemfehler:
=============
Error: (12/05/2015 02:21:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/05/2015 02:21:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.
Error: (12/05/2015 02:21:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/05/2015 02:21:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.
Error: (12/05/2015 02:14:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (12/05/2015 01:26:18 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2817433B-2456-44EE-9A7E-29889112B518}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (12/05/2015 03:51:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/05/2015 03:51:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.
Error: (12/05/2015 01:59:35 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2817433B-2456-44EE-9A7E-29889112B518}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (12/05/2015 01:55:04 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{2817433B-2456-44EE-9A7E-29889112B518}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-4100M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 7912.56 MB
Verfügbarer physikalischer RAM: 4983.87 MB
Summe virtueller Speicher: 15823.33 MB
Verfügbarer virtueller Speicher: 12413.43 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:52.59 GB) NTFS
Drive e: (Volume) (Fixed) (Total:465.63 GB) (Free:131.52 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 97C713DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-12-05 16:21:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\00000071 TS128GMT rev.N081 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000135400 7 bytes [00, 5C, F3, FF, 41, 66, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000135408 3 bytes [C0, 06, 02]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 00000000754a1401 2 bytes JMP 76deb21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 00000000754a1419 2 bytes JMP 76deb346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 00000000754a1431 2 bytes JMP 76e68fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 00000000754a144a 2 bytes CALL 76dc489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000754a14dd 2 bytes JMP 76e688c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000754a14f5 2 bytes JMP 76e68aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 00000000754a150d 2 bytes JMP 76e687ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 00000000754a1525 2 bytes JMP 76e68b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 00000000754a153d 2 bytes JMP 76ddfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 00000000754a1555 2 bytes JMP 76de68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 00000000754a156d 2 bytes JMP 76e69089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 00000000754a1585 2 bytes JMP 76e68bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 00000000754a159d 2 bytes JMP 76e6877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000754a15b5 2 bytes JMP 76ddfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000754a15cd 2 bytes JMP 76deb2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000754a16b2 2 bytes JMP 76e68f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe[856] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000754a16bd 2 bytes JMP 76e68713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 5 bytes [48, B8, F0, 12, FB]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[924] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe[924] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 000000007743b831 11 bytes [B8, F0, 12, A4, 01, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1616] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ...
Code:
ATTFilter .text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, F9, 19, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\igfxCUIService.exe[1720] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ...
|
|
05.12.2015, 19:02
| #4 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Gmer Teil 3: Code:
ATTFilter .text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, F9, 19, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetCloseHandle + 1 000007feff3bb1c1 11 bytes [B8, 39, 0A, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!HttpOpenRequestW + 1 000007feff3bc6d1 11 bytes [B8, F9, F6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetConnectW + 1 000007feff3c29b1 11 bytes [B8, 79, F3, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!HttpSendRequestW + 1 000007feff3c3ba1 11 bytes [B8, 79, FA, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetReadFile + 1 000007feff3c4c81 11 bytes [B8, 79, E5, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetOpenW + 1 000007feff3fddc1 11 bytes [B8, F9, E8, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetOpenA 000007feff3fdf60 12 bytes [48, B8, 39, E7, 5C, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!HttpSendRequestExW + 1 000007feff40c461 11 bytes [B8, F9, FD, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetWriteFile + 1 000007feff40c921 11 bytes [B8, B9, E3, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!HttpSendRequestA + 1 000007feff44f691 11 bytes [B8, B9, F8, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetConnectA + 1 000007feff4ae9b1 11 bytes [B8, B9, F1, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetOpenUrlA + 1 000007feff4aeda1 11 bytes [B8, B9, EA, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!InternetOpenUrlW + 1 000007feff4afa51 11 bytes [B8, 79, EC, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!FtpGetFileA 000007feff4c0360 12 bytes [48, B8, 39, 03, 5D, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!FtpOpenFileA + 1 000007feff4c0811 11 bytes [B8, 39, EE, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!FtpPutFileA 000007feff4c08f0 12 bytes [48, B8, B9, 06, 5D, 75, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!FtpGetFileW + 1 000007feff4c4261 11 bytes [B8, F9, 04, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!FtpOpenFileW + 1 000007feff4c4371 11 bytes [B8, F9, EF, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!FtpPutFileW + 1 000007feff4c4571 11 bytes [B8, 79, 08, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!HttpSendRequestExA + 1 000007feff4d8751 11 bytes [B8, 39, FC, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[1820] C:\Windows\system32\WININET.dll!HttpOpenRequestA + 1 000007feff4db221 11 bytes [B8, 39, F5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 3E, 5D, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, 39, 0A, 5D, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 40, 5D, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 43]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 3B, 5D, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 79, 32, 5D, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, B9, 1B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] c:\windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9c56e0 12 bytes [48, B8, 39, CB, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] c:\windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc9d010c 12 bytes [48, B8, 79, C9, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] c:\windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc9edaa0 12 bytes [48, B8, B9, C7, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb5322e0 12 bytes [48, B8, F9, A2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb5345f8 12 bytes [48, B8, 39, A1, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[1980] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb543e3c 12 bytes [48, B8, B9, A4, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ...
Code:
ATTFilter * 2
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, F9, 19, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9c56e0 12 bytes [48, B8, 39, CB, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc9d010c 12 bytes [48, B8, 79, C9, 5C, 75, 00, ...]
.text C:\Windows\system32\WLANExt.exe[1424] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc9edaa0 12 bytes [48, B8, B9, C7, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9c56e0 12 bytes [48, B8, 39, CB, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefc9d010c 12 bytes [48, B8, 79, C9, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefc9edaa0 12 bytes [48, B8, B9, C7, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, F9, 19, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\spoolsv.exe[2052] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 3E, 5D, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, 39, 0A, 5D, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 40, 5D, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 43]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ...
|
|
05.12.2015, 19:03
| #5 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 5: Code:
ATTFilter * 2
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 3B, 5D, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 79, 32, 5D, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2128] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 3E, 5D, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, 39, 0A, 5D, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 40, 5D, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 43]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 3B, 5D, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 79, 32, 5D, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ...
Code:
ATTFilter * 2
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2164] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, B9, 1B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, F9, 19, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9c56e0 12 bytes [48, B8, 39, CB, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc9d010c 12 bytes [48, B8, 79, C9, 5C, 75, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2260] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc9edaa0 12 bytes [48, B8, B9, C7, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ...
|
|
05.12.2015, 19:04
| #6 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 7: Code:
ATTFilter * 2
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, F9, 19, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetCloseHandle + 1 000007feff3bb1c1 11 bytes [B8, 39, 0A, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!HttpOpenRequestW + 1 000007feff3bc6d1 11 bytes [B8, F9, F6, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetConnectW + 1 000007feff3c29b1 11 bytes [B8, 79, F3, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!HttpSendRequestW + 1 000007feff3c3ba1 11 bytes [B8, 79, FA, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetReadFile + 1 000007feff3c4c81 11 bytes [B8, 79, E5, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetOpenW + 1 000007feff3fddc1 11 bytes [B8, F9, E8, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetOpenA 000007feff3fdf60 12 bytes [48, B8, 39, E7, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!HttpSendRequestExW + 1 000007feff40c461 11 bytes [B8, F9, FD, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetWriteFile + 1 000007feff40c921 11 bytes [B8, B9, E3, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!HttpSendRequestA + 1 000007feff44f691 11 bytes [B8, B9, F8, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetConnectA + 1 000007feff4ae9b1 11 bytes [B8, B9, F1, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetOpenUrlA + 1 000007feff4aeda1 11 bytes [B8, B9, EA, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!InternetOpenUrlW + 1 000007feff4afa51 11 bytes [B8, 79, EC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!FtpGetFileA 000007feff4c0360 12 bytes [48, B8, 39, 03, 5D, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!FtpOpenFileA + 1 000007feff4c0811 11 bytes [B8, 39, EE, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!FtpPutFileA 000007feff4c08f0 12 bytes [48, B8, B9, 06, 5D, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!FtpGetFileW + 1 000007feff4c4261 11 bytes [B8, F9, 04, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!FtpOpenFileW + 1 000007feff4c4371 11 bytes [B8, F9, EF, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!FtpPutFileW + 1 000007feff4c4571 11 bytes [B8, 79, 08, 5D, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!HttpSendRequestExA + 1 000007feff4d8751 11 bytes [B8, 39, FC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WININET.dll!HttpOpenRequestA + 1 000007feff4db221 11 bytes [B8, 39, F5, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb5322e0 12 bytes [48, B8, F9, A2, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb5345f8 12 bytes [48, B8, 39, A1, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb543e3c 12 bytes [48, B8, B9, A4, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9c56e0 12 bytes [48, B8, 39, CB, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc9d010c 12 bytes [48, B8, 79, C9, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc9edaa0 12 bytes [48, B8, B9, C7, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007feff634460 12 bytes [48, B8, B9, 65, 5C, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007feff65ede1 11 bytes [B8, F9, 63, 5C, 75, 00, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileA 000007feff6e1170 12 bytes [48, B8, 79, 01, 5D, 75, 00, ...]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[2280] C:\Windows\system32\urlmon.dll!URLDownloadToFileA 000007feff6e12f0 12 bytes [48, B8, B9, FF, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 3E, 5D, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, 39, 0A, 5D, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 40, 5D, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 43]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 3B, 5D, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 79, 32, 5D, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, B9, 1B, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] c:\windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb5322e0 12 bytes [48, B8, F9, A2, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] c:\windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb5345f8 12 bytes [48, B8, 39, A1, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] c:\windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb543e3c 12 bytes [48, B8, B9, A4, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\System32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9c56e0 12 bytes [48, B8, 39, CB, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\System32\DNSAPI.dll!DnsQuery_W 000007fefc9d010c 12 bytes [48, B8, 79, C9, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[2320] C:\Windows\System32\DNSAPI.dll!DnsQuery_A 000007fefc9edaa0 12 bytes [48, B8, B9, C7, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 53, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 61, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, CB, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 51, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, C9, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 5F, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, FA, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 27, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 63, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, FC, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 66]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2360] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ...
|
|
05.12.2015, 19:06
| #7 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 8: Code:
ATTFilter * 2
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 5E, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 50, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, E1, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 65, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 58, 5D, 75]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, F1, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 57, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, F8, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, F5, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, EE, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, D0, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 29, 5D, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, FD, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, CE, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, CC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, EA, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 6A, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 3E, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 40, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 43, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc9c56e0 12 bytes [48, B8, 39, E7, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc9d010c 12 bytes [48, B8, 79, E5, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc9edaa0 12 bytes [48, B8, B9, E3, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, C7, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, C5, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, C4, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, F9, 3C, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, A8, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, C2, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, AB, 5C, 75, 00]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetCloseHandle + 1 000007feff3bb1c1 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!HttpOpenRequestW + 1 000007feff3bc6d1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetConnectW + 1 000007feff3c29b1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!HttpSendRequestW + 1 000007feff3c3ba1 11 bytes [B8, 79, 16, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetReadFile + 1 000007feff3c4c81 11 bytes [B8, 79, 01, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetOpenW + 1 000007feff3fddc1 11 bytes [B8, F9, 04, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetOpenA 000007feff3fdf60 12 bytes [48, B8, 39, 03, 5D, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!HttpSendRequestExW + 1 000007feff40c461 11 bytes [B8, F9, 19, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetWriteFile + 1 000007feff40c921 11 bytes [B8, B9, FF, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!HttpSendRequestA + 1 000007feff44f691 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetConnectA + 1 000007feff4ae9b1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetOpenUrlA + 1 000007feff4aeda1 11 bytes [B8, B9, 06, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!InternetOpenUrlW + 1 000007feff4afa51 11 bytes [B8, 79, 08, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!FtpGetFileA 000007feff4c0360 12 bytes [48, B8, 39, 1F, 5D, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!FtpOpenFileA + 1 000007feff4c0811 11 bytes [B8, 39, 0A, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!FtpPutFileA 000007feff4c08f0 12 bytes [48, B8, B9, 22, 5D, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!FtpGetFileW + 1 000007feff4c4261 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!FtpOpenFileW + 1 000007feff4c4371 11 bytes [B8, F9, 0B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!FtpPutFileW + 1 000007feff4c4571 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!HttpSendRequestExA + 1 000007feff4d8751 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\WININET.dll!HttpOpenRequestA + 1 000007feff4db221 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 47, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 4A, 5D, 75]
.text ... * 2
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 73, 5D, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 34, 5D, 75, 00, 00]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\system32\advapi32.DLL!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000777bf968 5 bytes JMP 00000001749e8889
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000777bfa20 5 bytes JMP 00000001749e5e61
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000777bfb68 5 bytes JMP 00000001749e5871
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000777bfbe8 5 bytes JMP 00000001749e8461
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000777bfc60 5 bytes JMP 00000001749e31d9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777bfc90 5 bytes JMP 00000001749e15f1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000777bfcc0 5 bytes JMP 00000001749e1689
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777bfcf0 5 bytes JMP 00000001749e57d9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000777bfe08 5 bytes JMP 00000001749e87f1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777bfe54 5 bytes JMP 00000001749e30a9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000777bfe84 5 bytes JMP 00000001749e3309
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000777bff00 5 bytes JMP 00000001749e67e1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000777bff64 5 bytes JMP 00000001749e3271
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000777bffb4 5 bytes JMP 00000001749e7621
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777bffe4 5 bytes JMP 00000001749e8921
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777c002c 5 bytes JMP 00000001749e2ee1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777c0044 5 bytes JMP 00000001749e2db1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777c00f4 5 bytes JMP 00000001749e1ed9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777c0204 5 bytes JMP 00000001749e2301
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777c07dc 5 bytes JMP 00000001749e8759
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777c0854 5 bytes JMP 00000001749e2e49
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777c08e4 5 bytes JMP 00000001749e2d19
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777c0e34 5 bytes JMP 00000001749e5ef9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777c1100 5 bytes JMP 00000001749e83c9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777c1644 5 bytes JMP 00000001749e4ac9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777c1960 5 bytes JMP 00000001749e3141
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777c1c24 5 bytes JMP 00000001749e5f91
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777c1d94 5 bytes JMP 00000001749e3439
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777c1db0 5 bytes JMP 00000001749e33a1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777c1dcc 5 bytes JMP 00000001749e89b9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777c1f28 5 bytes JMP 00000001749e8591
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777d28e4 5 bytes JMP 00000001749e1ab1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777d8e61 5 bytes JMP 00000001749e84f9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077800eab 5 bytes JMP 00000001749e2009
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077848b7f 5 bytes JMP 00000001749e4b61
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007784ee1b 5 bytes JMP 00000001749e1f71
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076dc0e00 5 bytes JMP 00000001749e1da9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076dc1072 5 bytes JMP 00000001749e2a21
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076dc498f 5 bytes JMP 00000001749e25f9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076dd3bab 5 bytes JMP 00000001749e3011
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076dd9aa4 5 bytes JMP 00000001749e6749
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076dd9b05 5 bytes JMP 00000001749e64e9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076de7327 5 bytes JMP 00000001749e2729
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076de88da 5 bytes JMP 00000001749e5dc9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076deccb1 5 bytes JMP 00000001749e63b9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076deccd1 5 bytes JMP 00000001749e6619
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076e43161 5 bytes JMP 00000001749e28f1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076e6759b 5 bytes JMP 00000001749e46a1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076e675be 5 bytes JMP 00000001749e47d1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076e67969 5 bytes JMP 00000001749e4901
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076e679e2 5 bytes JMP 00000001749e4a31
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076908f8d 5 bytes JMP 00000001749e1a19
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007690c436 5 bytes JMP 00000001749e3b59
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007690d0af 5 bytes JMP 00000001749e6879
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007690eca6 5 bytes JMP 00000001749e3601
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007690f206 5 bytes JMP 00000001749e2399
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007690fa89 5 bytes JMP 00000001749e1e41
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007690fbb7 5 bytes JMP 00000001749e6289
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076911358 5 bytes JMP 00000001749e3ac1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007691137f 5 bytes JMP 00000001749e3a29
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076911d29 5 bytes JMP 00000001749e1981
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076911e15 5 bytes JMP 00000001749e24c9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076912ab1 5 bytes JMP 00000001749e59a1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076912cdf 5 bytes JMP 00000001749e5909
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076912d1d 5 bytes JMP 00000001749e5a39
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076912e80 5 bytes JMP 00000001749e18e9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076913b76 5 bytes JMP 00000001749e2269
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!Sleep 000000007691449c 5 bytes JMP 00000001749e2431
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007691460e 5 bytes JMP 00000001749e3569
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076914637 5 bytes JMP 00000001749e2c81
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007691a217 5 bytes JMP 00000001749e7751
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007691a426 5 bytes JMP 00000001749e77e9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007691a500 5 bytes JMP 00000001749e76b9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007691c73a 5 bytes JMP 00000001749e27c1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007691e2a4 5 bytes JMP 00000001749e8331
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 00000000767f8e89 5 bytes JMP 00000001749e79b1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 00000000767f9179 5 bytes JMP 00000001749e7881
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 00000000767f9186 5 bytes JMP 00000001749e80d1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 00000000767fc4d2 5 bytes JMP 00000001749e8299
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000767fc9ec 5 bytes JMP 00000001749e3c89
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 00000000767fdeb4 5 bytes JMP 00000001749e7919
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 00000000767fded6 5 bytes JMP 00000001749e8201
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 00000000767fdeee 5 bytes JMP 00000001749e8039
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 00000000767fdf1e 5 bytes JMP 00000001749e8169
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076802b50 5 bytes JMP 00000001749e3bf1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000768035fc 5 bytes JMP 00000001749e40b1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007680494d 1 byte JMP 00000001749e8a51
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 000000007680494f 3 bytes {JMP 0xfffffffffe1e4104}
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007681714c 5 bytes JMP 00000001749e4311
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076817164 5 bytes JMP 00000001749e3e51
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007681717c 5 bytes JMP 00000001749e3ee9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000768177c3 5 bytes JMP 00000001749e7a49
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076833384 5 bytes JMP 00000001749e3f81
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076833394 5 bytes JMP 00000001749e4019
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000768333a4 5 bytes JMP 00000001749e3d21
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000768333b4 5 bytes JMP 00000001749e3db9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000768333f4 5 bytes JMP 00000001749e4279
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000076a4a472 5 bytes JMP 00000001749e8ae9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000076a527ce 5 bytes JMP 00000001749e1be1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000076a5e6cf 5 bytes JMP 00000001749e1b49
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007632633b 5 bytes JMP 00000001749e8b81
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007634868d 5 bytes JMP 00000001749e7dd9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 00000000763486ac 5 bytes JMP 00000001749e7e71
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\GDI32.dll!NamedEscape 00000000763540e9 5 bytes JMP 00000001749e7fa1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076b078e2 5 bytes JMP 00000001749e4441
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076b07bd3 5 bytes JMP 00000001749e43a9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 00000001749e4f89
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076b098fd 1 byte JMP 00000001749e5c01
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076b098ff 3 bytes {JMP 0xfffffffffdedc304}
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076b0b6ed 5 bytes JMP 00000001749e8c19
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076b0d22e 5 bytes JMP 00000001749e5021
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b0ee09 5 bytes JMP 00000001749e34d1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076b0ffe6 5 bytes JMP 00000001749e5ad1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b100d9 5 bytes JMP 00000001749e5b69
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b105ba 5 bytes JMP 00000001749e4571
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b10dfb 5 bytes JMP 00000001749e50b9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b112a5 5 bytes JMP 00000001749e86c1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b120ec 5 bytes JMP 00000001749e5449
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b13baa 5 bytes JMP 00000001749e8629
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!SetWindowPlacement 0000000076b14ab6 5 bytes JMP 00000001749e7f09
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b15f74 5 bytes JMP 00000001749e44d9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b16285 5 bytes JMP 00000001749e4bf9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b17603 5 bytes JMP 00000001749e2be9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b17aee 5 bytes JMP 00000001749e53b1
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b1835c 5 bytes JMP 00000001749e2b51
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b2ce54 5 bytes JMP 00000001749e51e9
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 00000001749e4c91
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b2f588 5 bytes JMP 00000001749e5c99
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b310a0 5 bytes JMP 00000001749e5151
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 2 bytes JMP 00000001749e5281
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b5fcd9 2 bytes [E8, FD]
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 00000001749e5319
.text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[188] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 00000000756e0199 5 bytes JMP 00000001749e4d29
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, 39, 0A, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, 39, 49]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 79, 40, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 79, 32, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, 39, 3B, 5D, 75]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, F9, 4A, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[2556] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, B9, 1B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, F9, 19, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ...
|
|
05.12.2015, 19:07
| #8 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 9: Code:
ATTFilter * 2
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, F9, 51, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\unsecapp.exe[2972] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, 39, 0A, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, 39, 49]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 79, 40, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 79, 32, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, 39, 3B, 5D, 75]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, F9, 4A, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3252] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, B9, 1B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 47, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3592] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, B9, 1B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ...
|
|
05.12.2015, 19:07
| #9 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 10: Code:
ATTFilter * 2
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetCloseHandle + 1 000007feff3bb1c1 11 bytes [B8, 39, 0A, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!HttpOpenRequestW + 1 000007feff3bc6d1 11 bytes [B8, F9, F6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetConnectW + 1 000007feff3c29b1 11 bytes [B8, 79, F3, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!HttpSendRequestW + 1 000007feff3c3ba1 11 bytes [B8, 79, FA, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetReadFile + 1 000007feff3c4c81 11 bytes [B8, 79, E5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetOpenW + 1 000007feff3fddc1 11 bytes [B8, F9, E8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetOpenA 000007feff3fdf60 12 bytes [48, B8, 39, E7, 5C, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!HttpSendRequestExW + 1 000007feff40c461 11 bytes [B8, F9, FD, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetWriteFile + 1 000007feff40c921 11 bytes [B8, B9, E3, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!HttpSendRequestA + 1 000007feff44f691 11 bytes [B8, B9, F8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetConnectA + 1 000007feff4ae9b1 11 bytes [B8, B9, F1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetOpenUrlA + 1 000007feff4aeda1 11 bytes [B8, B9, EA, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!InternetOpenUrlW + 1 000007feff4afa51 11 bytes [B8, 79, EC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!FtpGetFileA 000007feff4c0360 12 bytes [48, B8, 39, 03, 5D, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!FtpOpenFileA + 1 000007feff4c0811 11 bytes [B8, 39, EE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!FtpPutFileA 000007feff4c08f0 12 bytes [48, B8, B9, 06, 5D, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!FtpGetFileW + 1 000007feff4c4261 11 bytes [B8, F9, 04, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!FtpOpenFileW + 1 000007feff4c4371 11 bytes [B8, F9, EF, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!FtpPutFileW + 1 000007feff4c4571 11 bytes [B8, 79, 08, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!HttpSendRequestExA + 1 000007feff4d8751 11 bytes [B8, 39, FC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1860] C:\Windows\system32\wininet.dll!HttpOpenRequestA + 1 000007feff4db221 11 bytes [B8, 39, F5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, F9, 6A, 5C, 75, 00, 00]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, F9, B0, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 39, 38, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, F9, 2B, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 39, 85, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 39, 3F, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, F9, 86, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, B9, 3B, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, 79, 2F, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, 79, 7C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, F9, 78, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, 79, 83, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, F9, 7F, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 39, 54, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, 79, 52, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, 1F, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, B9, B2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, B9, 50, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, 79, 44, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, F9, 24, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, B9, 42, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, 79, 6E, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 39, 62, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, B9, 57, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, F9, 63, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, B9, 5E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[1664] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNEL32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[3636] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3392] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, C7, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, F9, 55, 5C, 75, 00, 00]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, F9, 5C, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 39, 5B, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, 79, D7, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, F9, 71, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, B9, A4, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 39, D9, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, B9, 73, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 6 bytes [48, B8, B9, DC, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 000000007760dfb8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, B9, D5, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, B9, 5E, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, 79, 60, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, F9, DA, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, CC, 5C, 75]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, 39, 69, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, CB, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, 39, 70, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, B9, 6C, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, B9, 65, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, F9, A9, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, 79, A6, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, C2, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 79, 75, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, 39, B6, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, BB, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, 79, AD, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, B9, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, BD, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, BE, 5C, 75]
.text ...
|
|
05.12.2015, 19:09
| #10 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 11: Code:
ATTFilter * 2
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 79, DE, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, 79, 59, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, F9, B0, 5C, 75, 00, 00]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, B9, 57, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, F9, 4E, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 79, 4B, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, 39, 46, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 79, 44, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, 39, 4D, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, F9, 47, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, B9, 49, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, B2, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, B7, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007feff634460 12 bytes [48, B8, 39, 9A, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007feff65ede1 11 bytes [B8, B9, 96, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileA 000007feff6e1170 12 bytes [48, B8, 79, 98, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\urlmon.dll!URLDownloadToFileA 000007feff6e12f0 12 bytes [48, B8, F9, 94, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetCloseHandle + 1 000007feff3bb1c1 11 bytes [B8, F9, A2, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!HttpOpenRequestW + 1 000007feff3bc6d1 11 bytes [B8, 39, 8C, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetConnectW + 1 000007feff3c29b1 11 bytes [B8, B9, 88, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!HttpSendRequestW + 1 000007feff3c3ba1 11 bytes [B8, B9, 8F, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetReadFile + 1 000007feff3c4c81 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetOpenW + 1 000007feff3fddc1 11 bytes [B8, 39, 7E, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetOpenA 000007feff3fdf60 12 bytes [48, B8, 79, 7C, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!HttpSendRequestExW + 1 000007feff40c461 11 bytes [B8, 39, 93, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetWriteFile + 1 000007feff40c921 11 bytes [B8, F9, 78, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!HttpSendRequestA + 1 000007feff44f691 11 bytes [B8, F9, 8D, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetConnectA + 1 000007feff4ae9b1 11 bytes [B8, F9, 86, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetOpenUrlA + 1 000007feff4aeda1 11 bytes [B8, F9, 7F, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!InternetOpenUrlW + 1 000007feff4afa51 11 bytes [B8, B9, 81, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!FtpGetFileA 000007feff4c0360 12 bytes [48, B8, F9, 9B, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!FtpOpenFileA + 1 000007feff4c0811 11 bytes [B8, 79, 83, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!FtpPutFileA 000007feff4c08f0 12 bytes [48, B8, 79, 9F, 5C, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!FtpGetFileW + 1 000007feff4c4261 11 bytes [B8, B9, 9D, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!FtpOpenFileW + 1 000007feff4c4371 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!FtpPutFileW + 1 000007feff4c4571 11 bytes [B8, 39, A1, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!HttpSendRequestExA + 1 000007feff4d8751 11 bytes [B8, 79, 91, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WININET.dll!HttpOpenRequestA + 1 000007feff4db221 11 bytes [B8, 79, 8A, 5C, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3788] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe[3972] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\SearchIndexer.exe[4492] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 53, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 61, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, CB, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 51, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, C9, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 5F, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, FA, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 27, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 63, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, FC, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 66]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 5E, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 50, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, E1, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 65, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 58, 5D, 75]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, F1, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 57, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, F8, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, F5, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, EE, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, D0, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 29, 5D, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, FD, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, CE, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, CC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, EA, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 6A, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 3E, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 40, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 43, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 47, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 4C, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 4A, 5D, 75]
.text ...
|
|
05.12.2015, 19:10
| #11 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 12: Code:
ATTFilter * 2
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 6C, 5D, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 34, 5D, 75, 00, 00]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4648] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 5 bytes [48, B8, F0, 12, 3E]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4680] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe[4680] C:\Windows\system32\kernel32.dll!UnhandledExceptionFilter + 1 000000007743b831 11 bytes [B8, F0, 12, 45, 02, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[336] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 3E, 5D, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, 39, 0A, 5D, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 40, 5D, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 43]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 3B, 5D, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 79, 32, 5D, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, B9, 1B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WINHTTP.dll!WinHttpCloseHandle 000007fefb5322e0 12 bytes [48, B8, F9, A2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WINHTTP.dll!WinHttpOpenRequest 000007fefb5345f8 12 bytes [48, B8, 39, A1, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[4300] C:\Windows\system32\WINHTTP.dll!WinHttpConnect 000007fefb543e3c 12 bytes [48, B8, B9, A4, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, F9, 35, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 3E, 5D, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, 39, 0A, 5D, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 40, 5D, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 43]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 3B, 5D, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 79, 32, 5D, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd513b1 11 bytes [B8, B9, AB, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd518e0 12 bytes [48, B8, F9, A9, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd51bd1 11 bytes [B8, 39, A8, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd52201 11 bytes [B8, 39, 1F, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd523c0 12 bytes [48, B8, 39, 8C, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!connect 000007fefdd545c0 12 bytes [48, B8, 79, 67, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd58001 11 bytes [B8, 79, A6, 5C, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd58df0 7 bytes [48, B8, B9, 8F, 5C, 75, 00]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd58df9 3 bytes [00, 50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd5c090 12 bytes [48, B8, F9, 8D, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd5de91 11 bytes [B8, 39, 18, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd5df41 11 bytes [B8, 79, 1D, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdd7e0f1 11 bytes [B8, B9, 1B, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, F9, 4A, 5D, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[4804] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ...
|
|
05.12.2015, 19:12
| #12 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 13: Code:
ATTFilter * 2
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5964] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000777bfb68 5 bytes JMP 00000001749e2be9
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000777bfbe8 5 bytes JMP 00000001749e4f89
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000777bfc60 5 bytes JMP 00000001749e1da9
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777bfc90 5 bytes JMP 00000001749e15f1
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000777bfcc0 5 bytes JMP 00000001749e1689
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777bfcf0 5 bytes JMP 00000001749e2b51
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000777bfe08 5 bytes JMP 00000001749e5579
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777bfe54 5 bytes JMP 00000001749e1c79
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000777bfe84 5 bytes JMP 00000001749e1ed9
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000777bff64 5 bytes JMP 00000001749e1e41
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000777bffb4 5 bytes JMP 00000001749e43a9
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777bffe4 5 bytes JMP 00000001749e5611
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777c002c 5 bytes JMP 00000001749e1ab1
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777c0044 5 bytes JMP 00000001749e1981
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777c00f4 5 bytes JMP 00000001749e3309
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777c0204 5 bytes JMP 00000001749e5741
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777c07dc 5 bytes JMP 00000001749e54e1
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777c0854 5 bytes JMP 00000001749e1a19
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777c08e4 5 bytes JMP 00000001749e18e9
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777c0e34 5 bytes JMP 00000001749e2c81
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777c1100 5 bytes JMP 00000001749e4ef1
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777c1960 5 bytes JMP 00000001749e1d11
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777c1c24 5 bytes JMP 00000001749e2d19
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777c1d94 5 bytes JMP 00000001749e2139
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777c1db0 5 bytes JMP 00000001749e20a1
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777c1dcc 5 bytes JMP 00000001749e56a9
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777c1f28 5 bytes JMP 00000001749e51e9
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777d8e61 5 bytes JMP 00000001749e5021
.text C:\Program Files (x86)\Google\Update\GoogleUpdate.exe[3892] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077800eab 5 bytes JMP 00000001749e2989
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000777bf968 5 bytes JMP 00000001749e9209
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000777bfa20 5 bytes JMP 00000001749e67e1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000777bfb68 5 bytes JMP 00000001749e61f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000777bfbe8 5 bytes JMP 00000001749e8de1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000777bfc60 5 bytes JMP 00000001749e31d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777bfc90 5 bytes JMP 00000001749e15f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000777bfcc0 5 bytes JMP 00000001749e1689
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777bfcf0 5 bytes JMP 00000001749e6159
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000777bfe08 5 bytes JMP 00000001749e9171
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777bfe54 5 bytes JMP 00000001749e30a9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000777bfe84 5 bytes JMP 00000001749e3309
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000777bff00 5 bytes JMP 00000001749e7161
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000777bff64 5 bytes JMP 00000001749e3271
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000777bffb4 5 bytes JMP 00000001749e7fa1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777bffe4 5 bytes JMP 00000001749e92a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777c002c 5 bytes JMP 00000001749e2ee1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777c0044 5 bytes JMP 00000001749e2db1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777c00f4 5 bytes JMP 00000001749e1ed9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777c0204 5 bytes JMP 00000001749e2301
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777c07dc 5 bytes JMP 00000001749e90d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777c0854 5 bytes JMP 00000001749e2e49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777c08e4 5 bytes JMP 00000001749e2d19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777c0e34 5 bytes JMP 00000001749e6879
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777c1100 5 bytes JMP 00000001749e8d49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777c1644 5 bytes JMP 00000001749e4ac9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777c1960 5 bytes JMP 00000001749e3141
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777c1c24 5 bytes JMP 00000001749e6911
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777c1d94 5 bytes JMP 00000001749e3439
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777c1db0 5 bytes JMP 00000001749e33a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777c1dcc 5 bytes JMP 00000001749e9339
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777c1f28 5 bytes JMP 00000001749e8f11
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777d28e4 5 bytes JMP 00000001749e1ab1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777d8e61 5 bytes JMP 00000001749e8e79
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077800eab 5 bytes JMP 00000001749e2009
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077848b7f 5 bytes JMP 00000001749e4b61
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007784ee1b 5 bytes JMP 00000001749e1f71
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076dc0e00 5 bytes JMP 00000001749e1da9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076dc1072 5 bytes JMP 00000001749e2a21
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076dc498f 5 bytes JMP 00000001749e25f9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076dd3bab 5 bytes JMP 00000001749e3011
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076dd9aa4 5 bytes JMP 00000001749e70c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076dd9b05 5 bytes JMP 00000001749e6e69
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076de7327 5 bytes JMP 00000001749e2729
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076de88da 5 bytes JMP 00000001749e6749
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076deccb1 5 bytes JMP 00000001749e6d39
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076deccd1 5 bytes JMP 00000001749e6f99
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076e43161 5 bytes JMP 00000001749e28f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076e6759b 5 bytes JMP 00000001749e46a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076e675be 5 bytes JMP 00000001749e47d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076e67969 5 bytes JMP 00000001749e4901
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076e679e2 5 bytes JMP 00000001749e4a31
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076908f8d 5 bytes JMP 00000001749e1a19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007690c436 5 bytes JMP 00000001749e3b59
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007690d0af 5 bytes JMP 00000001749e71f9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007690eca6 5 bytes JMP 00000001749e3601
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007690f206 5 bytes JMP 00000001749e2399
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007690fa89 5 bytes JMP 00000001749e1e41
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007690fbb7 5 bytes JMP 00000001749e6c09
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076911358 5 bytes JMP 00000001749e3ac1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007691137f 5 bytes JMP 00000001749e3a29
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076911d29 5 bytes JMP 00000001749e1981
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076911e15 5 bytes JMP 00000001749e24c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076912ab1 5 bytes JMP 00000001749e6321
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076912cdf 5 bytes JMP 00000001749e6289
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076912d1d 5 bytes JMP 00000001749e63b9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076912e80 5 bytes JMP 00000001749e18e9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076913b76 5 bytes JMP 00000001749e2269
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!Sleep 000000007691449c 5 bytes JMP 00000001749e2431
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007691460e 5 bytes JMP 00000001749e3569
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076914637 5 bytes JMP 00000001749e2c81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007691a217 5 bytes JMP 00000001749e80d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007691a426 5 bytes JMP 00000001749e8169
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007691a500 5 bytes JMP 00000001749e8039
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007691c73a 5 bytes JMP 00000001749e27c1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007691e2a4 5 bytes JMP 00000001749e8cb1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000076a4a472 5 bytes JMP 00000001749e93d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000076a527ce 5 bytes JMP 00000001749e1be1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000076a5e6cf 5 bytes JMP 00000001749e1b49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 00000000767f8e89 5 bytes JMP 00000001749e8331
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 00000000767f9179 5 bytes JMP 00000001749e8201
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 00000000767f9186 5 bytes JMP 00000001749e8a51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 00000000767fc4d2 5 bytes JMP 00000001749e8c19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000767fc9ec 5 bytes JMP 00000001749e3c89
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 00000000767fdeb4 5 bytes JMP 00000001749e8299
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 00000000767fded6 5 bytes JMP 00000001749e8b81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 00000000767fdeee 5 bytes JMP 00000001749e89b9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 00000000767fdf1e 5 bytes JMP 00000001749e8ae9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076802b50 5 bytes JMP 00000001749e3bf1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000768035fc 5 bytes JMP 00000001749e40b1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007680494d 5 bytes JMP 00000001749e9469
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007681714c 5 bytes JMP 00000001749e4311
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076817164 5 bytes JMP 00000001749e3e51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007681717c 5 bytes JMP 00000001749e3ee9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000768177c3 5 bytes JMP 00000001749e83c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076833384 5 bytes JMP 00000001749e3f81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076833394 5 bytes JMP 00000001749e4019
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000768333a4 5 bytes JMP 00000001749e3d21
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000768333b4 5 bytes JMP 00000001749e3db9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000768333f4 5 bytes JMP 00000001749e4279
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007632633b 5 bytes JMP 00000001749e9501
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007634868d 5 bytes JMP 00000001749e8759
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 00000000763486ac 5 bytes JMP 00000001749e87f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\GDI32.dll!NamedEscape 00000000763540e9 5 bytes JMP 00000001749e8921
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076b078e2 5 bytes JMP 00000001749e4441
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076b07bd3 5 bytes JMP 00000001749e43a9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 00000001749e5909
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076b098fd 5 bytes JMP 00000001749e6581
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076b0b6ed 5 bytes JMP 00000001749e9599
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076b0d22e 5 bytes JMP 00000001749e59a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b0ee09 5 bytes JMP 00000001749e34d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076b0ffe6 5 bytes JMP 00000001749e6451
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b100d9 5 bytes JMP 00000001749e64e9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b105ba 5 bytes JMP 00000001749e4571
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b10dfb 5 bytes JMP 00000001749e5a39
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b112a5 5 bytes JMP 00000001749e9041
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b120ec 5 bytes JMP 00000001749e5dc9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b13baa 5 bytes JMP 00000001749e8fa9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowPlacement 0000000076b14ab6 5 bytes JMP 00000001749e8889
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b15f74 5 bytes JMP 00000001749e44d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b16285 5 bytes JMP 00000001749e4bf9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b17603 5 bytes JMP 00000001749e2be9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b17aee 5 bytes JMP 00000001749e5d31
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b1835c 5 bytes JMP 00000001749e2b51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b2ce54 5 bytes JMP 00000001749e5b69
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 00000001749e4c91
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b2f588 5 bytes JMP 00000001749e6619
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b310a0 5 bytes JMP 00000001749e5ad1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 5 bytes JMP 00000001749e5c01
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[4476] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 00000001749e5c99
|
|
05.12.2015, 19:13
| #13 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 14: Code:
ATTFilter .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000777bf968 5 bytes JMP 00000001749e9209
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000777bfa20 5 bytes JMP 00000001749e67e1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000777bfb68 5 bytes JMP 00000001749e61f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000777bfbe8 5 bytes JMP 00000001749e8de1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000777bfc60 5 bytes JMP 00000001749e31d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777bfc90 5 bytes JMP 00000001749e15f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000777bfcc0 5 bytes JMP 00000001749e1689
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777bfcf0 5 bytes JMP 00000001749e6159
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000777bfe08 5 bytes JMP 00000001749e9171
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777bfe54 5 bytes JMP 00000001749e30a9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000777bfe84 5 bytes JMP 00000001749e3309
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000777bff00 5 bytes JMP 00000001749e7161
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000777bff64 5 bytes JMP 00000001749e3271
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000777bffb4 5 bytes JMP 00000001749e7fa1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777bffe4 5 bytes JMP 00000001749e92a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777c002c 5 bytes JMP 00000001749e2ee1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777c0044 5 bytes JMP 00000001749e2db1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777c00f4 5 bytes JMP 00000001749e1ed9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777c0204 5 bytes JMP 00000001749e2301
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777c07dc 5 bytes JMP 00000001749e90d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777c0854 5 bytes JMP 00000001749e2e49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777c08e4 5 bytes JMP 00000001749e2d19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777c0e34 5 bytes JMP 00000001749e6879
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777c1100 5 bytes JMP 00000001749e8d49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777c1644 5 bytes JMP 00000001749e4ac9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777c1960 5 bytes JMP 00000001749e3141
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777c1c24 5 bytes JMP 00000001749e6911
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777c1d94 5 bytes JMP 00000001749e3439
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777c1db0 5 bytes JMP 00000001749e33a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777c1dcc 5 bytes JMP 00000001749e9339
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777c1f28 5 bytes JMP 00000001749e8f11
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777d28e4 5 bytes JMP 00000001749e1ab1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777d8e61 5 bytes JMP 00000001749e8e79
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077800eab 5 bytes JMP 00000001749e2009
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077848b7f 5 bytes JMP 00000001749e4b61
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007784ee1b 5 bytes JMP 00000001749e1f71
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076dc0e00 5 bytes JMP 00000001749e1da9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076dc1072 5 bytes JMP 00000001749e2a21
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076dc498f 5 bytes JMP 00000001749e25f9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076dd3bab 5 bytes JMP 00000001749e3011
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076dd9aa4 5 bytes JMP 00000001749e70c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076dd9b05 5 bytes JMP 00000001749e6e69
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076de7327 5 bytes JMP 00000001749e2729
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076de88da 5 bytes JMP 00000001749e6749
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076deccb1 5 bytes JMP 00000001749e6d39
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076deccd1 5 bytes JMP 00000001749e6f99
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076e43161 5 bytes JMP 00000001749e28f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076e6759b 5 bytes JMP 00000001749e46a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076e675be 5 bytes JMP 00000001749e47d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076e67969 5 bytes JMP 00000001749e4901
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076e679e2 5 bytes JMP 00000001749e4a31
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076908f8d 5 bytes JMP 00000001749e1a19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007690c436 5 bytes JMP 00000001749e3b59
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007690d0af 5 bytes JMP 00000001749e71f9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007690eca6 5 bytes JMP 00000001749e3601
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007690f206 5 bytes JMP 00000001749e2399
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007690fa89 5 bytes JMP 00000001749e1e41
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007690fbb7 5 bytes JMP 00000001749e6c09
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076911358 5 bytes JMP 00000001749e3ac1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007691137f 5 bytes JMP 00000001749e3a29
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076911d29 5 bytes JMP 00000001749e1981
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076911e15 5 bytes JMP 00000001749e24c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076912ab1 5 bytes JMP 00000001749e6321
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076912cdf 5 bytes JMP 00000001749e6289
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076912d1d 5 bytes JMP 00000001749e63b9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076912e80 5 bytes JMP 00000001749e18e9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076913b76 5 bytes JMP 00000001749e2269
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!Sleep 000000007691449c 5 bytes JMP 00000001749e2431
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007691460e 5 bytes JMP 00000001749e3569
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076914637 5 bytes JMP 00000001749e2c81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007691a217 5 bytes JMP 00000001749e80d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007691a426 5 bytes JMP 00000001749e8169
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007691a500 5 bytes JMP 00000001749e8039
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007691c73a 5 bytes JMP 00000001749e27c1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007691e2a4 5 bytes JMP 00000001749e8cb1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076b078e2 5 bytes JMP 00000001749e4441
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076b07bd3 5 bytes JMP 00000001749e43a9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 00000001749e5909
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076b098fd 5 bytes JMP 00000001749e6581
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076b0b6ed 5 bytes JMP 00000001749e93d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076b0d22e 5 bytes JMP 00000001749e59a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b0ee09 5 bytes JMP 00000001749e34d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076b0ffe6 5 bytes JMP 00000001749e6451
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b100d9 5 bytes JMP 00000001749e64e9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b105ba 5 bytes JMP 00000001749e4571
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b10dfb 5 bytes JMP 00000001749e5a39
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b112a5 5 bytes JMP 00000001749e9041
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b120ec 5 bytes JMP 00000001749e5dc9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b13baa 5 bytes JMP 00000001749e8fa9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!SetWindowPlacement 0000000076b14ab6 5 bytes JMP 00000001749e8889
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b15f74 5 bytes JMP 00000001749e44d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b16285 5 bytes JMP 00000001749e4bf9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b17603 5 bytes JMP 00000001749e2be9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b17aee 5 bytes JMP 00000001749e5d31
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b1835c 5 bytes JMP 00000001749e2b51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b2ce54 5 bytes JMP 00000001749e5b69
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 00000001749e4c91
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b2f588 5 bytes JMP 00000001749e6619
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b310a0 5 bytes JMP 00000001749e5ad1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 5 bytes JMP 00000001749e5c01
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 00000001749e5c99
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007632633b 5 bytes JMP 00000001749e9469
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007634868d 5 bytes JMP 00000001749e8759
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 00000000763486ac 5 bytes JMP 00000001749e87f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\GDI32.dll!NamedEscape 00000000763540e9 5 bytes JMP 00000001749e8921
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000076a4a472 5 bytes JMP 00000001749e9501
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000076a527ce 5 bytes JMP 00000001749e1be1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000076a5e6cf 5 bytes JMP 00000001749e1b49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 00000000767f8e89 5 bytes JMP 00000001749e8331
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 00000000767f9179 5 bytes JMP 00000001749e8201
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 00000000767f9186 5 bytes JMP 00000001749e8a51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 00000000767fc4d2 5 bytes JMP 00000001749e8c19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000767fc9ec 5 bytes JMP 00000001749e3c89
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 00000000767fdeb4 5 bytes JMP 00000001749e8299
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 00000000767fded6 5 bytes JMP 00000001749e8b81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 00000000767fdeee 5 bytes JMP 00000001749e89b9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 00000000767fdf1e 5 bytes JMP 00000001749e8ae9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076802b50 5 bytes JMP 00000001749e3bf1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000768035fc 5 bytes JMP 00000001749e40b1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007680494d 5 bytes JMP 00000001749e9599
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007681714c 5 bytes JMP 00000001749e4311
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076817164 5 bytes JMP 00000001749e3e51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007681717c 5 bytes JMP 00000001749e3ee9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000768177c3 5 bytes JMP 00000001749e83c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076833384 5 bytes JMP 00000001749e3f81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076833394 5 bytes JMP 00000001749e4019
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000768333a4 5 bytes JMP 00000001749e3d21
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000768333b4 5 bytes JMP 00000001749e3db9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000768333f4 5 bytes JMP 00000001749e4279
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075683918 5 bytes JMP 00000001749e60c1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075683cd3 5 bytes JMP 00000001749e6029
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!socket 0000000075683eb8 5 bytes JMP 00000001749e8461
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075684406 5 bytes JMP 00000001749e2139
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075684889 5 bytes JMP 00000001749e5741
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!recv 0000000075686b0e 5 bytes JMP 00000001749e8629
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!connect 0000000075686bdd 1 byte JMP 00000001749e41e1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075686bdf 3 bytes {CALL RBP}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!send 0000000075686f01 5 bytes JMP 00000001749e20a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075687089 5 bytes JMP 00000001749e86c1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007568cc3f 5 bytes JMP 00000001749e8591
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007568d1ea 5 bytes JMP 00000001749e57d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1100] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075697673 5 bytes JMP 00000001749e5871
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000777bf968 5 bytes JMP 00000001749e9209
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000777bfa20 5 bytes JMP 00000001749e67e1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000777bfb68 5 bytes JMP 00000001749e61f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000777bfbe8 5 bytes JMP 00000001749e8de1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000777bfc60 5 bytes JMP 00000001749e31d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777bfc90 5 bytes JMP 00000001749e15f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000777bfcc0 5 bytes JMP 00000001749e1689
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777bfcf0 5 bytes JMP 00000001749e6159
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000777bfe08 5 bytes JMP 00000001749e9171
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777bfe54 5 bytes JMP 00000001749e30a9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000777bfe84 5 bytes JMP 00000001749e3309
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000777bff00 5 bytes JMP 00000001749e7161
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000777bff64 5 bytes JMP 00000001749e3271
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000777bffb4 5 bytes JMP 00000001749e7fa1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777bffe4 5 bytes JMP 00000001749e92a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777c002c 5 bytes JMP 00000001749e2ee1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777c0044 5 bytes JMP 00000001749e2db1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777c00f4 5 bytes JMP 00000001749e1ed9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777c0204 5 bytes JMP 00000001749e2301
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777c07dc 5 bytes JMP 00000001749e90d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777c0854 5 bytes JMP 00000001749e2e49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777c08e4 5 bytes JMP 00000001749e2d19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777c0e34 5 bytes JMP 00000001749e6879
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777c1100 5 bytes JMP 00000001749e8d49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777c1644 5 bytes JMP 00000001749e4ac9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777c1960 5 bytes JMP 00000001749e3141
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777c1c24 5 bytes JMP 00000001749e6911
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777c1d94 5 bytes JMP 00000001749e3439
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777c1db0 5 bytes JMP 00000001749e33a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777c1dcc 5 bytes JMP 00000001749e9339
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777c1f28 5 bytes JMP 00000001749e8f11
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777d28e4 5 bytes JMP 00000001749e1ab1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777d8e61 5 bytes JMP 00000001749e8e79
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077800eab 5 bytes JMP 00000001749e2009
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077848b7f 5 bytes JMP 00000001749e4b61
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007784ee1b 5 bytes JMP 00000001749e1f71
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076dc0e00 5 bytes JMP 00000001749e1da9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076dc1072 5 bytes JMP 00000001749e2a21
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076dc498f 5 bytes JMP 00000001749e25f9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076dd3bab 5 bytes JMP 00000001749e3011
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076dd9aa4 5 bytes JMP 00000001749e70c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076dd9b05 5 bytes JMP 00000001749e6e69
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076de7327 5 bytes JMP 00000001749e2729
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076de88da 5 bytes JMP 00000001749e6749
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076deccb1 5 bytes JMP 00000001749e6d39
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076deccd1 5 bytes JMP 00000001749e6f99
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076e43161 5 bytes JMP 00000001749e28f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076e6759b 5 bytes JMP 00000001749e46a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076e675be 5 bytes JMP 00000001749e47d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076e67969 5 bytes JMP 00000001749e4901
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076e679e2 5 bytes JMP 00000001749e4a31
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076908f8d 5 bytes JMP 00000001749e1a19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007690c436 5 bytes JMP 00000001749e3b59
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007690d0af 5 bytes JMP 00000001749e71f9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007690eca6 5 bytes JMP 00000001749e3601
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007690f206 5 bytes JMP 00000001749e2399
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007690fa89 5 bytes JMP 00000001749e1e41
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007690fbb7 5 bytes JMP 00000001749e6c09
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076911358 5 bytes JMP 00000001749e3ac1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007691137f 5 bytes JMP 00000001749e3a29
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076911d29 5 bytes JMP 00000001749e1981
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076911e15 5 bytes JMP 00000001749e24c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076912ab1 5 bytes JMP 00000001749e6321
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076912cdf 5 bytes JMP 00000001749e6289
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076912d1d 5 bytes JMP 00000001749e63b9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076912e80 5 bytes JMP 00000001749e18e9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076913b76 5 bytes JMP 00000001749e2269
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!Sleep 000000007691449c 5 bytes JMP 00000001749e2431
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007691460e 5 bytes JMP 00000001749e3569
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076914637 5 bytes JMP 00000001749e2c81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007691a217 5 bytes JMP 00000001749e80d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007691a426 5 bytes JMP 00000001749e8169
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007691a500 5 bytes JMP 00000001749e8039
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007691c73a 5 bytes JMP 00000001749e27c1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007691e2a4 5 bytes JMP 00000001749e8cb1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075683918 5 bytes JMP 00000001749e60c1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075683cd3 5 bytes JMP 00000001749e6029
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!socket 0000000075683eb8 5 bytes JMP 00000001749e8461
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075684406 5 bytes JMP 00000001749e2139
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075684889 5 bytes JMP 00000001749e5741
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!recv 0000000075686b0e 5 bytes JMP 00000001749e8629
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!connect 0000000075686bdd 1 byte JMP 00000001749e41e1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075686bdf 3 bytes {CALL RBP}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!send 0000000075686f01 5 bytes JMP 00000001749e20a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075687089 5 bytes JMP 00000001749e86c1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007568cc3f 5 bytes JMP 00000001749e8591
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007568d1ea 5 bytes JMP 00000001749e57d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075697673 5 bytes JMP 00000001749e5871
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000076a4a472 5 bytes JMP 00000001749e9469
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000076a527ce 5 bytes JMP 00000001749e1be1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000076a5e6cf 5 bytes JMP 00000001749e1b49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 00000000767f8e89 5 bytes JMP 00000001749e8331
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 00000000767f9179 5 bytes JMP 00000001749e8201
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 00000000767f9186 5 bytes JMP 00000001749e8a51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 00000000767fc4d2 5 bytes JMP 00000001749e8c19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000767fc9ec 5 bytes JMP 00000001749e3c89
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 00000000767fdeb4 5 bytes JMP 00000001749e8299
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 00000000767fded6 5 bytes JMP 00000001749e8b81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 00000000767fdeee 5 bytes JMP 00000001749e89b9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 00000000767fdf1e 5 bytes JMP 00000001749e8ae9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076802b50 5 bytes JMP 00000001749e3bf1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000768035fc 5 bytes JMP 00000001749e40b1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007680494d 5 bytes JMP 00000001749e9501
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007681714c 5 bytes JMP 00000001749e4311
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076817164 5 bytes JMP 00000001749e3e51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007681717c 5 bytes JMP 00000001749e3ee9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000768177c3 5 bytes JMP 00000001749e83c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076833384 5 bytes JMP 00000001749e3f81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076833394 5 bytes JMP 00000001749e4019
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000768333a4 5 bytes JMP 00000001749e3d21
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000768333b4 5 bytes JMP 00000001749e3db9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000768333f4 5 bytes JMP 00000001749e4279
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076b078e2 5 bytes JMP 00000001749e4441
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076b07bd3 5 bytes JMP 00000001749e43a9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 00000001749e5909
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076b098fd 5 bytes JMP 00000001749e6581
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076b0b6ed 5 bytes JMP 00000001749e9599
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076b0d22e 5 bytes JMP 00000001749e59a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b0ee09 5 bytes JMP 00000001749e34d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076b0ffe6 5 bytes JMP 00000001749e6451
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b100d9 5 bytes JMP 00000001749e64e9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b105ba 5 bytes JMP 00000001749e4571
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b10dfb 5 bytes JMP 00000001749e5a39
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b112a5 5 bytes JMP 00000001749e9041
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b120ec 5 bytes JMP 00000001749e5dc9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b13baa 5 bytes JMP 00000001749e8fa9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!SetWindowPlacement 0000000076b14ab6 5 bytes JMP 00000001749e8889
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b15f74 5 bytes JMP 00000001749e44d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b16285 5 bytes JMP 00000001749e4bf9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b17603 5 bytes JMP 00000001749e2be9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b17aee 5 bytes JMP 00000001749e5d31
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b1835c 5 bytes JMP 00000001749e2b51
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b2ce54 5 bytes JMP 00000001749e5b69
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 00000001749e4c91
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b2f588 5 bytes JMP 00000001749e6619
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b310a0 5 bytes JMP 00000001749e5ad1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 5 bytes JMP 00000001749e5c01
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 00000001749e5c99
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007632633b 5 bytes JMP 00000001749e9631
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007634868d 5 bytes JMP 00000001749e8759
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 00000000763486ac 5 bytes JMP 00000001749e87f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\GDI32.dll!NamedEscape 00000000763540e9 5 bytes JMP 00000001749e8921
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5820] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 00000000756e0199 5 bytes JMP 00000001749e4d29
|
|
05.12.2015, 19:13
| #14 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 15: Code:
ATTFilter .text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 79, 39, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, F9, 0B, 5D, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, B9, 0D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, 39, E0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, B9, 45, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, F9, 20, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, 39, 26, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, F9, 2E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, 39, 2D, 5D, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 49, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 79, 16, 5D, 75, 00, 00]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3560] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, 39, 69, 5C, 75, 00, 00]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 79, AD, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 79, 2F, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, F9, 24, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 79, 83, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, B9, 3B, 5C, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, 39, 85, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, F9, 39, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, B9, 2D, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, B9, 7A, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, 39, 77, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, B9, 81, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, 39, 7E, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 79, 52, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, B9, 50, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, B2, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, F9, B0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, F9, 4E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, B9, 42, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, 39, 23, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, F9, 40, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, 39, 62, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, 39, 54, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, B9, 57, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ... * 2
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, F9, 6A, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\taskeng.exe[5892] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, B9, 5E, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualSid + 1 00000000775e85e1 11 bytes [B8, B9, 37, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000775f6921 7 bytes [B8, F9, 6A, 5C, 75, 00, 00]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 10 00000000775f692a 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 000000007760da30 6 bytes [48, B8, B9, 45, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 000000007760da38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtClose 000000007760daa0 6 bytes [48, B8, 79, C2, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 000000007760daa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 000000007760db70 6 bytes [48, B8, F9, B0, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 000000007760db78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken 000000007760dbc0 6 bytes [48, B8, F9, 35, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationToken + 8 000000007760dbc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000000007760dc10 6 bytes [48, B8, B9, 34, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 000000007760dc18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007760dc30 6 bytes [48, B8, 39, 1C, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 000000007760dc38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 000000007760dc50 6 bytes [48, B8, F9, 1D, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 000000007760dc58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000000007760dc70 6 bytes [48, B8, 39, AF, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 000000007760dc78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000000007760dd20 6 bytes [48, B8, F9, 43, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 000000007760dd28 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007760dd50 6 bytes [48, B8, 39, 31, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 000000007760dd58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000000007760dd70 6 bytes [48, B8, 39, 38, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 000000007760dd78 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 000000007760ddc0 6 bytes [48, B8, 79, DE, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken + 8 000000007760ddc8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007760de00 6 bytes [48, B8, 79, 36, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 000000007760de08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000000007760de30 6 bytes [48, B8, F9, 0B, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 000000007760de38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000000007760de50 6 bytes [48, B8, 79, 47, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 000000007760de58 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 000000007760de80 6 bytes [48, B8, F9, 2B, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 000000007760de88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000000007760de90 6 bytes [48, B8, 79, 28, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 000000007760de98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 000000007760df00 6 bytes [48, B8, 39, E0, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 000000007760df08 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 000000007760dfb0 4 bytes [48, B8, F9, 4A]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 5 000000007760dfb5 1 byte [75]
.text ... * 2
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000000007760e380 6 bytes [48, B8, 39, 42, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 000000007760e388 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 000000007760e3d0 6 bytes [48, B8, 39, 2A, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 000000007760e3d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007760e430 6 bytes [48, B8, B9, 26, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 000000007760e438 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000000007760e7a0 6 bytes [48, B8, 39, C4, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 000000007760e7a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 000000007760e970 6 bytes [48, B8, 39, 34, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken + 8 000000007760e978 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 000000007760ece0 6 bytes [48, B8, 39, 85, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 000000007760ece8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007760eee0 6 bytes [48, B8, F9, 32, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 000000007760eee8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000000007760f0a0 6 bytes [48, B8, F9, C5, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 000000007760f0a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000000007760f180 6 bytes [48, B8, 39, 3F, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 000000007760f188 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000000007760f190 6 bytes [48, B8, 79, 3D, 5C, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 000000007760f198 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000000007760f1a0 6 bytes [48, B8, 39, 49, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 000000007760f1a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000000007760f280 6 bytes [48, B8, F9, 3C, 5D, 75]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 000000007760f288 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 000000007767f0c1 11 bytes [B8, F9, 86, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!Process32NextW + 1 00000000773a1b21 11 bytes [B8, B9, C0, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000773a1c10 12 bytes [48, B8, B9, 3B, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 00000000773a2b61 8 bytes [B8, B9, D5, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 00000000773a2b6a 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773bdb10 12 bytes [48, B8, 79, 2F, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000773c0951 11 bytes [B8, 39, 3B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000773f52c1 11 bytes [B8, 79, 7C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 00000000773f52e1 11 bytes [B8, F9, 78, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007740a630 12 bytes [48, B8, 79, 83, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007740a740 12 bytes [48, B8, F9, 7F, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007742f4e1 11 bytes [B8, B9, DC, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 000000007742f6e1 11 bytes [B8, 39, D9, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 000000007742f711 8 bytes [B8, 39, D2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 000000007742f71a 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd681861 11 bytes [B8, 39, 54, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd682db1 11 bytes [B8, 79, B4, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd683461 11 bytes [B8, 39, B6, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!FindClose + 1 000007fefd6850d1 11 bytes [B8, 39, 11, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!FindFirstFileExW 000007fefd685370 12 bytes [48, B8, B9, 0D, 5D, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!FindNextFileW + 1 000007fefd685eb1 11 bytes [B8, 79, 0F, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd688f20 12 bytes [48, B8, 79, 52, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!CreateWellKnownSid + 1 000007fefd6897a1 11 bytes [B8, 79, 32, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!DeviceIoControl + 1 000007fefd68a0e1 11 bytes [B8, F9, E1, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd68aec0 12 bytes [48, B8, B9, 1F, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd68ca31 11 bytes [B8, B9, B2, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd6937d1 11 bytes [B8, B9, 50, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd6b4310 12 bytes [48, B8, 79, 44, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd6c0bd1 11 bytes [B8, B9, CE, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd6c2831 8 bytes [B8, F9, 24, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd6c283a 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd6c2871 11 bytes [B8, B9, 42, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\GDI32.dll!GdiDllInitialize + 349 000007fefe10b031 11 bytes [B8, 79, 4E, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\GDI32.dll!SetBrushAttributes + 1 000007fefe124991 11 bytes [B8, B9, 22, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\GDI32.dll!ClearBrushAttributes + 1 000007fefe1249b1 11 bytes [B8, 79, 24, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\GDI32.dll!NamedEscape + 1 000007fefe139209 11 bytes [B8, F9, 27, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptExportKey + 1 000007feff07ae81 11 bytes [B8, 79, 2B, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextA + 1 000007feff07aee1 11 bytes [B8, F9, 12, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptImportKey + 1 000007feff07e6e9 11 bytes [B8, B9, 30, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptAcquireContextW + 1 000007feff08048d 11 bytes [B8, B9, 14, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptCreateHash + 1 000007feff080579 11 bytes [B8, B9, 29, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 1 000007feff0805b1 11 bytes [B8, 39, 2D, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptGetHashParam + 73 000007feff0805f9 5 bytes [B8, F9, 2E, 5D, 75]
.text ...
|
|
06.12.2015, 02:28
| #15 |
| /// TB-Schüler | Win7: Fehler 5 u.a. / "Kaputtoptimiert" Teil 16: Code:
ATTFilter * 2
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007feff094e21 11 bytes [B8, 39, 50, 5D, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff095538 12 bytes [48, B8, 79, 6E, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 1 000007feff0ab9c1 7 bytes [B8, 39, 18, 5D, 75, 00, 00]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CryptEncrypt + 10 000007feff0ab9ca 2 bytes [50, C3]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff0aba4c 12 bytes [48, B8, B9, 6C, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff0abbc0 12 bytes [48, B8, 39, 62, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff0abc2c 12 bytes [48, B8, 79, 60, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefdd3642d 11 bytes [B8, F9, 5C, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefdd36484 12 bytes [48, B8, B9, 57, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefdd36519 11 bytes [B8, F9, 63, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefdd36c34 12 bytes [48, B8, F9, 55, 5C, 75, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefdd37ab5 11 bytes [B8, B9, 5E, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefdd38b01 11 bytes [B8, 79, 59, 5C, 75, 00, 00, ...]
.text C:\Windows\system32\rundll32.exe[4552] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefdd38c39 11 bytes [B8, 39, 5B, 5C, 75, 00, 00, ...]
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000777bf968 5 bytes JMP 00000001749e8889
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000777bfa20 5 bytes JMP 00000001749e5e61
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000777bfb68 5 bytes JMP 00000001749e5871
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000777bfbe8 5 bytes JMP 00000001749e8461
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000777bfc60 5 bytes JMP 00000001749e31d9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777bfc90 5 bytes JMP 00000001749e15f1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000777bfcc0 5 bytes JMP 00000001749e1689
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777bfcf0 5 bytes JMP 00000001749e57d9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000777bfe08 5 bytes JMP 00000001749e87f1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777bfe54 5 bytes JMP 00000001749e30a9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000777bfe84 5 bytes JMP 00000001749e3309
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000777bff00 5 bytes JMP 00000001749e67e1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000777bff64 5 bytes JMP 00000001749e3271
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000777bffb4 5 bytes JMP 00000001749e7621
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777bffe4 5 bytes JMP 00000001749e8921
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777c002c 5 bytes JMP 00000001749e2ee1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777c0044 5 bytes JMP 00000001749e2db1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777c00f4 5 bytes JMP 00000001749e1ed9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777c0204 5 bytes JMP 00000001749e2301
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777c07dc 5 bytes JMP 00000001749e8759
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777c0854 5 bytes JMP 00000001749e2e49
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777c08e4 5 bytes JMP 00000001749e2d19
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777c0e34 5 bytes JMP 00000001749e5ef9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777c1100 5 bytes JMP 00000001749e83c9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777c1644 5 bytes JMP 00000001749e4ac9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777c1960 5 bytes JMP 00000001749e3141
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777c1c24 5 bytes JMP 00000001749e5f91
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777c1d94 5 bytes JMP 00000001749e3439
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777c1db0 5 bytes JMP 00000001749e33a1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777c1dcc 5 bytes JMP 00000001749e89b9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777c1f28 5 bytes JMP 00000001749e8591
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777d28e4 5 bytes JMP 00000001749e1ab1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777d8e61 5 bytes JMP 00000001749e84f9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077800eab 5 bytes JMP 00000001749e2009
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077848b7f 5 bytes JMP 00000001749e4b61
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007784ee1b 5 bytes JMP 00000001749e1f71
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076dc0e00 5 bytes JMP 00000001749e1da9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076dc1072 5 bytes JMP 00000001749e2a21
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076dc498f 5 bytes JMP 00000001749e25f9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076dd3bab 5 bytes JMP 00000001749e3011
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076dd9aa4 5 bytes JMP 00000001749e6749
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076dd9b05 5 bytes JMP 00000001749e64e9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076de7327 5 bytes JMP 00000001749e2729
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076de88da 5 bytes JMP 00000001749e5dc9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076deccb1 5 bytes JMP 00000001749e63b9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076deccd1 5 bytes JMP 00000001749e6619
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076e43161 5 bytes JMP 00000001749e28f1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076e6759b 5 bytes JMP 00000001749e46a1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076e675be 5 bytes JMP 00000001749e47d1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076e67969 5 bytes JMP 00000001749e4901
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076e679e2 5 bytes JMP 00000001749e4a31
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076908f8d 5 bytes JMP 00000001749e1a19
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007690c436 5 bytes JMP 00000001749e3b59
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007690d0af 5 bytes JMP 00000001749e6879
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007690eca6 5 bytes JMP 00000001749e3601
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007690f206 5 bytes JMP 00000001749e2399
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007690fa89 5 bytes JMP 00000001749e1e41
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007690fbb7 5 bytes JMP 00000001749e6289
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076911358 5 bytes JMP 00000001749e3ac1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007691137f 5 bytes JMP 00000001749e3a29
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076911d29 5 bytes JMP 00000001749e1981
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076911e15 5 bytes JMP 00000001749e24c9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076912ab1 5 bytes JMP 00000001749e59a1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076912cdf 5 bytes JMP 00000001749e5909
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076912d1d 5 bytes JMP 00000001749e5a39
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076912e80 5 bytes JMP 00000001749e18e9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076913b76 5 bytes JMP 00000001749e2269
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!Sleep 000000007691449c 5 bytes JMP 00000001749e2431
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007691460e 5 bytes JMP 00000001749e3569
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076914637 5 bytes JMP 00000001749e2c81
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007691a217 5 bytes JMP 00000001749e7751
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007691a426 5 bytes JMP 00000001749e77e9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007691a500 5 bytes JMP 00000001749e76b9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007691c73a 5 bytes JMP 00000001749e27c1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007691e2a4 5 bytes JMP 00000001749e8331
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000076a4a472 5 bytes JMP 00000001749e8a51
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000076a527ce 5 bytes JMP 00000001749e1be1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000076a5e6cf 5 bytes JMP 00000001749e1b49
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000076b078e2 5 bytes JMP 00000001749e4441
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000076b07bd3 5 bytes JMP 00000001749e43a9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076b08a29 5 bytes JMP 00000001749e4f89
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000076b098fd 1 byte JMP 00000001749e5c01
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!FindWindowW + 2 0000000076b098ff 3 bytes {JMP 0xfffffffffdedc304}
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000076b0b6ed 5 bytes JMP 00000001749e8b81
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000076b0d22e 5 bytes JMP 00000001749e5021
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000076b0ee09 5 bytes JMP 00000001749e34d1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000076b0ffe6 5 bytes JMP 00000001749e5ad1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000076b100d9 5 bytes JMP 00000001749e5b69
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000076b105ba 5 bytes JMP 00000001749e4571
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000076b10dfb 5 bytes JMP 00000001749e50b9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000076b112a5 5 bytes JMP 00000001749e86c1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000076b120ec 5 bytes JMP 00000001749e5449
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000076b13baa 5 bytes JMP 00000001749e8629
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!SetWindowPlacement 0000000076b14ab6 5 bytes JMP 00000001749e7f09
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000076b15f74 5 bytes JMP 00000001749e44d9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076b16285 5 bytes JMP 00000001749e4bf9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076b17603 5 bytes JMP 00000001749e2be9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000076b17aee 5 bytes JMP 00000001749e53b1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000076b1835c 5 bytes JMP 00000001749e2b51
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000076b2ce54 5 bytes JMP 00000001749e51e9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 00000001749e4c91
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000076b2f588 5 bytes JMP 00000001749e5c99
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000076b310a0 5 bytes JMP 00000001749e5151
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000076b5fcd6 2 bytes JMP 00000001749e5281
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 0000000076b5fcd9 2 bytes [E8, FD]
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 00000001749e5319
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 00000000767f8e89 5 bytes JMP 00000001749e79b1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 00000000767f9179 5 bytes JMP 00000001749e7881
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 00000000767f9186 5 bytes JMP 00000001749e80d1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 00000000767fc4d2 5 bytes JMP 00000001749e8299
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000767fc9ec 5 bytes JMP 00000001749e3c89
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 00000000767fdeb4 5 bytes JMP 00000001749e7919
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 00000000767fded6 5 bytes JMP 00000001749e8201
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 00000000767fdeee 5 bytes JMP 00000001749e8039
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 00000000767fdf1e 5 bytes JMP 00000001749e8169
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076802b50 5 bytes JMP 00000001749e3bf1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000768035fc 5 bytes JMP 00000001749e40b1
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007680494d 5 bytes JMP 00000001749e8c19
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007681714c 5 bytes JMP 00000001749e4311
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076817164 5 bytes JMP 00000001749e3e51
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007681717c 5 bytes JMP 00000001749e3ee9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000768177c3 5 bytes JMP 00000001749e7a49
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076833384 5 bytes JMP 00000001749e3f81
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076833394 5 bytes JMP 00000001749e4019
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000768333a4 5 bytes JMP 00000001749e3d21
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000768333b4 5 bytes JMP 00000001749e3db9
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe[5508] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000768333f4 5 bytes JMP 00000001749e4279
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 00000000777bf930 5 bytes JMP 00000001749e76b9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 00000000777bf968 5 bytes JMP 00000001749e8921
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtClose 00000000777bfa20 5 bytes JMP 00000001749e5e61
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 00000000777bfb68 5 bytes JMP 00000001749e5871
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationToken 00000000777bfbe8 5 bytes JMP 00000001749e84f9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 00000000777bfc60 5 bytes JMP 00000001749e31d9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777bfc90 5 bytes JMP 00000001749e15f1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 00000000777bfcc0 5 bytes JMP 00000001749e1689
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000777bfcf0 5 bytes JMP 00000001749e57d9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 00000000777bfe08 5 bytes JMP 00000001749e8889
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777bfe54 5 bytes JMP 00000001749e30a9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 00000000777bfe84 5 bytes JMP 00000001749e3309
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 00000000777bff00 5 bytes JMP 00000001749e67e1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 00000000777bff64 5 bytes JMP 00000001749e3271
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 00000000777bffb4 5 bytes JMP 00000001749e7621
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 00000000777bffe4 5 bytes JMP 00000001749e89b9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 00000000777c002c 5 bytes JMP 00000001749e2ee1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000777c0044 5 bytes JMP 00000001749e2db1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000777c00f4 5 bytes JMP 00000001749e1ed9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000777c0204 5 bytes JMP 00000001749e2301
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000777c07dc 5 bytes JMP 00000001749e87f1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 00000000777c0854 5 bytes JMP 00000001749e2e49
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000777c08e4 5 bytes JMP 00000001749e2d19
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000777c0e34 5 bytes JMP 00000001749e5ef9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken 00000000777c1100 5 bytes JMP 00000001749e8461
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 00000000777c1644 5 bytes JMP 00000001749e4ac9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000777c1960 5 bytes JMP 00000001749e3141
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000777c1c24 5 bytes JMP 00000001749e5f91
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 00000000777c1d94 5 bytes JMP 00000001749e3439
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000777c1db0 5 bytes JMP 00000001749e33a1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 00000000777c1dcc 5 bytes JMP 00000001749e8a51
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 00000000777c1f28 5 bytes JMP 00000001749e8629
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000777d28e4 5 bytes JMP 00000001749e1ab1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!RtlEqualSid 00000000777d8e61 5 bytes JMP 00000001749e8591
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077800eab 5 bytes JMP 00000001749e2009
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077848b7f 5 bytes JMP 00000001749e4b61
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 000000007784ee1b 5 bytes JMP 00000001749e1f71
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076dc0e00 5 bytes JMP 00000001749e1da9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076dc1072 5 bytes JMP 00000001749e2a21
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000076dc498f 5 bytes JMP 00000001749e25f9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076dd3bab 5 bytes JMP 00000001749e3011
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 0000000076dd9aa4 5 bytes JMP 00000001749e6749
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!MoveFileExW 0000000076dd9b05 5 bytes JMP 00000001749e64e9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076de7327 5 bytes JMP 00000001749e2729
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!Process32NextW 0000000076de88da 5 bytes JMP 00000001749e5dc9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!MoveFileExA 0000000076deccb1 5 bytes JMP 00000001749e63b9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 0000000076deccd1 5 bytes JMP 00000001749e6619
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!WinExec 0000000076e43161 5 bytes JMP 00000001749e28f1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 0000000076e6759b 5 bytes JMP 00000001749e46a1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 0000000076e675be 5 bytes JMP 00000001749e47d1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000076e67969 5 bytes JMP 00000001749e4901
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 0000000076e679e2 5 bytes JMP 00000001749e4a31
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000076908f8d 5 bytes JMP 00000001749e1a19
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 000000007690c436 5 bytes JMP 00000001749e3b59
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!DeviceIoControl 000000007690d0af 5 bytes JMP 00000001749e6879
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 000000007690eca6 5 bytes JMP 00000001749e3601
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 000000007690f206 5 bytes JMP 00000001749e2399
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 000000007690fa89 5 bytes JMP 00000001749e1e41
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 000000007690fbb7 5 bytes JMP 00000001749e6289
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000076911358 5 bytes JMP 00000001749e3ac1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007691137f 5 bytes JMP 00000001749e3a29
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076911d29 5 bytes JMP 00000001749e1981
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000076911e15 5 bytes JMP 00000001749e24c9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076912ab1 5 bytes JMP 00000001749e59a1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000076912cdf 5 bytes JMP 00000001749e5909
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076912d1d 5 bytes JMP 00000001749e5a39
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000076912e80 5 bytes JMP 00000001749e18e9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000076913b76 5 bytes JMP 00000001749e2269
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!Sleep 000000007691449c 5 bytes JMP 00000001749e2431
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 000000007691460e 5 bytes JMP 00000001749e3569
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000076914637 5 bytes JMP 00000001749e2c81
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!FindNextFileW 000000007691a217 5 bytes JMP 00000001749e77e9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!FindClose 000000007691a426 5 bytes JMP 00000001749e7881
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!FindFirstFileExW 000000007691a500 5 bytes JMP 00000001749e7751
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007691c73a 5 bytes JMP 00000001749e27c1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\KERNELBASE.dll!CreateWellKnownSid 000000007691e2a4 5 bytes JMP 00000001749e83c9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 00000000752b5e10 5 bytes JMP 00000001749e71f9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000752b5f90 5 bytes JMP 00000001749e6911
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 00000000752cd480 5 bytes JMP 00000001749e7589
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 00000000752d1310 5 bytes JMP 00000001749e6f99
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000752d4040 5 bytes JMP 00000001749e70c9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetConnectW 00000000752d4fa0 5 bytes JMP 00000001749e6e69
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetReadFile 00000000752dd510 5 bytes JMP 00000001749e69a9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetOpenA 0000000075307440 5 bytes JMP 00000001749e6a41
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetOpenW 00000000753079d0 5 bytes JMP 00000001749e6ad9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 000000007532d780 5 bytes JMP 00000001749e7031
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetConnectA 00000000753337a0 5 bytes JMP 00000001749e6dd1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000075333830 5 bytes JMP 00000001749e6f01
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetOpenUrlA 00000000753861e0 5 bytes JMP 00000001749e6b71
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!InternetOpenUrlW 0000000075386d20 5 bytes JMP 00000001749e6c09
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!FtpGetFileA 0000000075394c10 5 bytes JMP 00000001749e7329
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!FtpOpenFileA 0000000075394fd0 5 bytes JMP 00000001749e6ca1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!FtpPutFileA 0000000075395060 5 bytes JMP 00000001749e7459
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!FtpGetFileW 0000000075398130 5 bytes JMP 00000001749e73c1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!FtpOpenFileW 00000000753981d0 5 bytes JMP 00000001749e6d39
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!FtpPutFileW 0000000075398330 5 bytes JMP 00000001749e74f1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 00000000753aa7e0 5 bytes JMP 00000001749e7161
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\msvcrt.dll!_lock + 41 0000000076a4a472 5 bytes JMP 00000001749e8b81
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\msvcrt.dll!__p__fmode 0000000076a527ce 5 bytes JMP 00000001749e1be1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\msvcrt.dll!__p__environ 0000000076a5e6cf 5 bytes JMP 00000001749e1b49
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!GetMessageW 0000000076b078e2 5 bytes JMP 00000001749e4441
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!GetMessageA 0000000076b07bd3 5 bytes JMP 00000001749e43a9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!CreateWindowExW 0000000076b08a29 5 bytes JMP 00000001749e4f89
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!FindWindowW 0000000076b098fd 1 byte JMP 00000001749e5c01
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!FindWindowW + 2 0000000076b098ff 3 bytes {JMP 0xfffffffffdedc304}
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!UserClientDllInitialize 0000000076b0b6ed 5 bytes JMP 00000001749e8c19
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!CreateWindowExA 0000000076b0d22e 5 bytes JMP 00000001749e5021
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!SetWinEventHook 0000000076b0ee09 5 bytes JMP 00000001749e34d1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!FindWindowA 0000000076b0ffe6 5 bytes JMP 00000001749e5ad1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!FindWindowExA 0000000076b100d9 5 bytes JMP 00000001749e5b69
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!PeekMessageW 0000000076b105ba 5 bytes JMP 00000001749e4571
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!ShowWindow 0000000076b10dfb 5 bytes JMP 00000001749e50b9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!PostMessageW 0000000076b112a5 5 bytes JMP 00000001749e8759
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!SetWindowTextW 0000000076b120ec 5 bytes JMP 00000001749e5449
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!PostMessageA 0000000076b13baa 5 bytes JMP 00000001749e86c1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!SetWindowPlacement 0000000076b14ab6 5 bytes JMP 00000001749e7fa1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!PeekMessageA 0000000076b15f74 5 bytes JMP 00000001749e44d9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!CallNextHookEx 0000000076b16285 5 bytes JMP 00000001749e4bf9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!SetWindowsHookExW 0000000076b17603 5 bytes JMP 00000001749e2be9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!SetWindowTextA 0000000076b17aee 5 bytes JMP 00000001749e53b1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!SetWindowsHookExA 0000000076b1835c 5 bytes JMP 00000001749e2b51
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!DialogBoxIndirectParamAorW 0000000076b2ce54 5 bytes JMP 00000001749e51e9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!UnhookWindowsHookEx 0000000076b2f52b 5 bytes JMP 00000001749e4c91
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!FindWindowExW 0000000076b2f588 5 bytes JMP 00000001749e5c99
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!CreateDialogIndirectParamAorW 0000000076b310a0 5 bytes JMP 00000001749e5151
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!MessageBoxExA 0000000076b5fcd6 2 bytes JMP 00000001749e5281
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!MessageBoxExA + 3 0000000076b5fcd9 2 bytes [E8, FD]
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\user32.DLL!MessageBoxExW 0000000076b5fcfa 5 bytes JMP 00000001749e5319
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\GDI32.dll!TranslateCharsetInfo + 505 000000007632633b 5 bytes JMP 00000001749e8cb1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\GDI32.dll!SetBrushAttributes 000000007634868d 5 bytes JMP 00000001749e7e71
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\GDI32.dll!ClearBrushAttributes 00000000763486ac 5 bytes JMP 00000001749e7f09
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\GDI32.dll!NamedEscape 00000000763540e9 5 bytes JMP 00000001749e8039
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptGenKey 00000000767f8e89 5 bytes JMP 00000001749e7a49
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextA 00000000767f9179 5 bytes JMP 00000001749e7919
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptExportKey 00000000767f9186 5 bytes JMP 00000001749e8169
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptImportKey 00000000767fc4d2 5 bytes JMP 00000001749e8331
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000767fc9ec 5 bytes JMP 00000001749e3c89
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptAcquireContextW 00000000767fdeb4 5 bytes JMP 00000001749e79b1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptHashData 00000000767fded6 5 bytes JMP 00000001749e8299
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptCreateHash 00000000767fdeee 5 bytes JMP 00000001749e80d1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptGetHashParam 00000000767fdf1e 5 bytes JMP 00000001749e8201
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076802b50 5 bytes JMP 00000001749e3bf1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000768035fc 5 bytes JMP 00000001749e40b1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 000000007680494d 5 bytes JMP 00000001749e8d49
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 000000007681714c 5 bytes JMP 00000001749e4311
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!ControlService 0000000076817164 5 bytes JMP 00000001749e3e51
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 000000007681717c 5 bytes JMP 00000001749e3ee9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000768177c3 5 bytes JMP 00000001749e7ae1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 0000000076833384 5 bytes JMP 00000001749e3f81
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 0000000076833394 5 bytes JMP 00000001749e4019
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000768333a4 5 bytes JMP 00000001749e3d21
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000768333b4 5 bytes JMP 00000001749e3db9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000768333f4 5 bytes JMP 00000001749e4279
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 00000000756e0199 5 bytes JMP 00000001749e4d29
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000075683918 5 bytes JMP 00000001749e5741
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000075683cd3 5 bytes JMP 00000001749e56a9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!socket 0000000075683eb8 5 bytes JMP 00000001749e7b79
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000075684406 5 bytes JMP 00000001749e2139
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000075684889 5 bytes JMP 00000001749e4dc1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!recv 0000000075686b0e 5 bytes JMP 00000001749e7d41
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!connect 0000000075686bdd 1 byte JMP 00000001749e41e1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000075686bdf 3 bytes {CALL RBP}
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!send 0000000075686f01 5 bytes JMP 00000001749e20a1
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000075687089 5 bytes JMP 00000001749e7dd9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!WSAConnect 000000007568cc3f 5 bytes JMP 00000001749e7ca9
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 000000007568d1ea 5 bytes JMP 00000001749e4e59
.text C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe[6100] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000075697673 5 bytes JMP 00000001749e4ef1
 Code:
ATTFilter ---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5084:5656] 00000000769b7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5084:6076] 0000000071538aa6
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5084:5124] 00000000777dc557
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5084:4292] 00000000777f27c1
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [5084:5228] 00000000777f27c1
---- Processes - GMER 2.1 ----
Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [924] (FILE NOT FOUND) 000007fefb7d0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cc5d41fe27f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5cc5d41fe27f@fc58fa8e8b51 0xC0 0xBD 0x0D 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\Control@PreshutdownOrder wuauserv?gpsvc?trustedinstaller?
Reg HKLM\SYSTEM\ControlSet002\Control@CurrentUser USERNAME
Reg HKLM\SYSTEM\ControlSet002\Control@BootDriverFlags 0
Reg HKLM\SYSTEM\ControlSet002\Control@ServiceControlManagerExtension %systemroot%\system32\scext.dll
Reg HKLM\SYSTEM\ControlSet002\Control@SystemStartOptions NOEXECUTE=OPTIN
Reg HKLM\SYSTEM\ControlSet002\Control@SystemBootDevice multi(0)disk(0)rdisk(0)partition(2)
Reg HKLM\SYSTEM\ControlSet002\Control@FirmwareBootDevice multi(0)disk(0)rdisk(0)partition(1)
Reg HKLM\SYSTEM\ControlSet002\Control@WaitToKillServiceTimeout 8000
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@CriticalSectionTimeout 2592000
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@GlobalFlag 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitFreeBlockThreshold 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapDeCommitTotalFreeThreshold 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentCommit 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@HeapSegmentReserve 0
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProcessorControl 2
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ResourceTimeoutCount 648000
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@BootExecute autocheck autochk *?
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ExcludeFromKnownDlls
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ObjectDirectories \Windows?\RPC Control?
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@ProtectionMode 1
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@NumberOfInitialSessions 2
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@SetupExecute
Reg HKLM\SYSTEM\ControlSet002\Control\Session Manager@AutoChkTimeout 5
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cc5d41fe27f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5cc5d41fe27f@fc58fa8e8b51 0xC0 0xBD 0x0D 0xB5 ...
---- EOF - GMER 2.1 ----
Nachtrag um 02:30 Jetzt wollte ich meinen Laptop runterfahren, dachte auch er wäre aus (hatte ihn aber nicht zugeklappt), da gab es ca. 2 Minuten nachdem der Bildschirm ausgegangen war nen Bluescreen (irgendwas mit nem Treiber, glaube ich) und der PC hat sich selbst wieder hochgefahren und hat dabei behauptet er wäre abgestürzt und gefragt ob ich ihn im abgesicherten Modus starten möchte. Übrigens machen sich auch alle Änderungen an Programmen automatisch wieder von selbst rückgängig. So beispielsweise dass ich ein Programm so umgestellt habe, dass es meinen Browserverlauf nicht mehr automatisch leeren soll, oder ein anderes, dass es sich nicht mit Systemstart einschaltet. |
|
| Themen zu Win7: Fehler 5 u.a. / "Kaputtoptimiert" |
| bonjour, defender, dnsapi.dll, driver booster, fehler, firefox, flash player, home, homepage, hängen, internet, langsam, mozilla, programm, prozesse, realtek, registry, rundll, scan, secur, services.exe, software, svchost.exe, temp, usb, windows, zugriff verweigert |
Linear-Darstellung
