flummy1978 | 15.09.2013 16:29 | Hmmm, manchmal sieht man vor lauter Bäumen den Wald nicht :(
Ok, aller guten Dinge sind 3 :) Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-15 14:27:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000072 NVIDIA__ rev. 596,18GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\uxlorpob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75]
.text C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75]
.text ... * 2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759e1465 2 bytes [9E, 75]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759e14bb 2 bytes [9E, 75]
.text ... * 2
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlExitUserProcess + 1 0000000077804121 11 bytes [B8, 59, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077807ac1 11 bytes [B8, F7, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778192d1 5 bytes [B8, E3, 74, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 1 000000007782de21 8 bytes [B8, 2B, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 10 000000007782de2a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077831310 6 bytes [48, B8, 81, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 0000000077831318 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077831330 6 bytes [48, B8, C9, 75, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077831338 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778313a0 6 bytes [48, B8, 00, 73, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000778313a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000778313d0 6 bytes [48, B8, C3, 77, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000778313d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077831470 6 bytes [48, B8, 11, 75, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077831478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077831480 6 bytes [48, B8, AC, 77, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 0000000077831488 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077831510 6 bytes [48, B8, 50, 77, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077831518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077831520 6 bytes [48, B8, 6A, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077831528 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077831530 6 bytes [48, B8, 45, 73, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077831538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077831550 4 bytes [48, B8, 5C, 73]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 5 0000000077831555 1 byte [6F]
.text ... * 2
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077831570 6 bytes [48, B8, 53, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077831578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778315e0 6 bytes [48, B8, C6, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000778315e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077831620 6 bytes [48, B8, 2E, 73, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077831628 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077831650 6 bytes [48, B8, 22, 77, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077831658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077831670 6 bytes [48, B8, E0, 75, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077831678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077831700 6 bytes [48, B8, 7E, 77, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077831708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077831730 6 bytes [48, B8, 9E, 74, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 0000000077831738 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077831750 6 bytes [48, B8, 17, 73, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077831758 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077831780 6 bytes [48, B8, CF, 73, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077831788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077831790 6 bytes [48, B8, DD, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077831798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077831800 6 bytes [48, B8, 73, 73, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077831808 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000778318b0 6 bytes [48, B8, E6, 73, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000778318b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077831c80 6 bytes [48, B8, B5, 74, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077831c88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077831cd0 6 bytes [48, B8, 67, 77, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077831cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077831d30 6 bytes [48, B8, F4, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077831d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077831e10 6 bytes [48, B8, AF, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 0000000077831e18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077831e40 6 bytes [48, B8, 98, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 0000000077831e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778320a0 6 bytes [48, B8, 87, 74, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000778320a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778329a0 6 bytes [48, B8, 92, 78, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000778329a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077832a80 6 bytes [48, B8, 1F, 78, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077832a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077832aa0 6 bytes [48, B8, A9, 78, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077832aa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000775c21e0 12 bytes [48, B8, 95, 77, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!SetThreadContext + 1 00000000775c2f11 8 bytes [B8, 39, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!SetThreadContext + 10 00000000775c2f1a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!AssignProcessToJobObject + 1 00000000775ca4a1 8 bytes [B8, 7B, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!AssignProcessToJobObject + 10 00000000775ca4aa 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CreateFileW + 1 00000000775d1871 11 bytes [B8, 70, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 00000000775d23d1 11 bytes [B8, A1, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CreateThread + 1 00000000775d6581 11 bytes [B8, F1, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000775de750 12 bytes [48, B8, FA, 74, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000775e1e31 11 bytes [B8, FD, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CloseHandle 00000000775e2f10 7 bytes [48, B8, 8A, 73, 27, 6F, 00]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CloseHandle + 9 00000000775e2f19 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!WriteProcessMemory + 1 000000007760bad1 11 bytes [B8, DA, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!VirtualProtectEx + 1 000000007760bb71 11 bytes [B8, 36, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!VirtualAllocEx + 1 000000007760bbd1 11 bytes [B8, 4D, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CreateRemoteThread + 1 000000007760c511 8 bytes [B8, 0B, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CreateRemoteThread + 10 000000007760c51a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CheckRemoteDebuggerPresent + 1 0000000077610e11 11 bytes [B8, CC, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077615011 11 bytes [B8, 3F, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077615031 11 bytes [B8, 28, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007762a560 12 bytes [48, B8, 6D, 75, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007762a670 12 bytes [48, B8, 56, 75, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077649150 12 bytes [48, B8, 3C, 76, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007764f6c1 11 bytes [B8, B8, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!SleepEx 000007fefd8f1150 12 bytes [48, B8, 42, 74, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd8f2db1 11 bytes [B8, C0, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 1 000007fefd8f37d1 11 bytes [B8, 84, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!QueueUserAPC 000007fefd8f3d40 12 bytes [48, B8, 64, 78, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!SuspendThread + 1 000007fefd8f68c1 11 bytes [B8, 08, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW + 1 000007fefd8f8101 11 bytes [B8, 25, 76, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 12 bytes [48, B8, B2, 75, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!GetStartupInfoW 000007fefd8fde80 6 bytes [48, B8, 14, 74, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!GetStartupInfoW + 9 000007fefd8fde89 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd905131 5 bytes [B8, 0E, 76, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 7 000007fefd905137 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!SetFileAttributesW 000007fefd907640 6 bytes [48, B8, 9B, 75, 27, 6F]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!SetFileAttributesW + 9 000007fefd907649 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\KERNELBASE.dll!PulseEvent + 1 000007fefd923cb1 11 bytes [B8, D7, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\msvcrt.dll!calloc + 333 000007fefdb71b21 11 bytes [B8, EE, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff61642d 11 bytes [B8, BD, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff616484 12 bytes [48, B8, 4A, 79, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff616c34 12 bytes [48, B8, 61, 79, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff617ab5 11 bytes [B8, 78, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff618b01 11 bytes [B8, 8F, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff618c39 11 bytes [B8, A6, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007feff63de91 11 bytes [B8, 2A, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\ole32.dll!CLSIDFromProgID + 1 000007feff649981 11 bytes [B8, 13, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff8413b1 11 bytes [B8, 6F, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!closesocket 000007feff8418e0 12 bytes [48, B8, CB, 7C, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff841bd1 11 bytes [B8, B4, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff8423c0 12 bytes [48, B8, 86, 7C, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!connect 000007feff8445c0 12 bytes [48, B8, E2, 7C, 27, 6F, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!WSAStartup + 1 000007feff844981 11 bytes [B8, F9, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!send + 1 000007feff848001 11 bytes [B8, 58, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff848df0 7 bytes [48, B8, 9D, 7C, 27, 6F, 00]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff848df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[4940] C:\Windows\system32\WS2_32.dll!WSAIoctl + 1 000007feff84d621 11 bytes [B8, 10, 7D, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlExitUserProcess + 1 0000000077804121 11 bytes [B8, 59, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077807ac1 11 bytes [B8, F7, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778192d1 5 bytes [B8, E3, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 1 000000007782de21 8 bytes [B8, 2B, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 10 000000007782de2a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077831310 6 bytes [48, B8, 81, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 0000000077831318 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077831330 6 bytes [48, B8, C9, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077831338 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778313a0 6 bytes [48, B8, 00, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000778313a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000778313d0 6 bytes [48, B8, C3, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000778313d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077831470 6 bytes [48, B8, 11, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077831478 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077831480 6 bytes [48, B8, AC, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 0000000077831488 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077831510 6 bytes [48, B8, 50, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077831518 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077831520 6 bytes [48, B8, 6A, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077831528 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077831530 6 bytes [48, B8, 45, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077831538 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077831550 4 bytes [48, B8, 5C, 73]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 5 0000000077831555 1 byte [6F]
.text ... * 2
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077831570 6 bytes [48, B8, 53, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077831578 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778315e0 6 bytes [48, B8, C6, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000778315e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077831620 6 bytes [48, B8, 2E, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077831628 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077831650 6 bytes [48, B8, 22, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077831658 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077831670 6 bytes [48, B8, E0, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077831678 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077831700 6 bytes [48, B8, 7E, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077831708 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077831730 6 bytes [48, B8, 9E, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 0000000077831738 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077831750 6 bytes [48, B8, 17, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077831758 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077831780 6 bytes [48, B8, CF, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077831788 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077831790 6 bytes [48, B8, DD, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077831798 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077831800 6 bytes [48, B8, 73, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077831808 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000778318b0 6 bytes [48, B8, E6, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000778318b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077831c80 6 bytes [48, B8, B5, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077831c88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077831cd0 6 bytes [48, B8, 67, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077831cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077831d30 6 bytes [48, B8, F4, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077831d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077831e10 6 bytes [48, B8, AF, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 0000000077831e18 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077831e40 6 bytes [48, B8, 98, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 0000000077831e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778320a0 6 bytes [48, B8, 87, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000778320a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778329a0 6 bytes [48, B8, 92, 78, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000778329a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077832a80 6 bytes [48, B8, 1F, 78, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077832a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077832aa0 6 bytes [48, B8, A9, 78, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077832aa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000775c21e0 12 bytes [48, B8, 95, 77, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!SetThreadContext + 1 00000000775c2f11 8 bytes [B8, 39, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!SetThreadContext + 10 00000000775c2f1a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!AssignProcessToJobObject + 1 00000000775ca4a1 8 bytes [B8, 7B, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!AssignProcessToJobObject + 10 00000000775ca4aa 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CreateFileW + 1 00000000775d1871 11 bytes [B8, 70, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 00000000775d23d1 11 bytes [B8, A1, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CreateThread + 1 00000000775d6581 11 bytes [B8, F1, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000775de750 12 bytes [48, B8, FA, 74, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000775e1e31 11 bytes [B8, FD, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CloseHandle 00000000775e2f10 7 bytes [48, B8, 8A, 73, 27, 6F, 00]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CloseHandle + 9 00000000775e2f19 3 bytes [00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!WriteProcessMemory + 1 000000007760bad1 11 bytes [B8, DA, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!VirtualProtectEx + 1 000000007760bb71 11 bytes [B8, 36, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!VirtualAllocEx + 1 000000007760bbd1 11 bytes [B8, 4D, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CreateRemoteThread + 1 000000007760c511 8 bytes [B8, 0B, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CreateRemoteThread + 10 000000007760c51a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CheckRemoteDebuggerPresent + 1 0000000077610e11 11 bytes [B8, CC, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077615011 11 bytes [B8, 3F, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077615031 11 bytes [B8, 28, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007762a560 12 bytes [48, B8, 6D, 75, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007762a670 12 bytes [48, B8, 56, 75, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077649150 12 bytes [48, B8, 3C, 76, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007764f6c1 11 bytes [B8, B8, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!SleepEx 000007fefd8f1150 12 bytes [48, B8, 42, 74, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd8f2db1 11 bytes [B8, C0, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 1 000007fefd8f37d1 11 bytes [B8, 84, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!QueueUserAPC 000007fefd8f3d40 12 bytes [48, B8, 64, 78, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!SuspendThread + 1 000007fefd8f68c1 11 bytes [B8, 08, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW + 1 000007fefd8f8101 11 bytes [B8, 25, 76, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 12 bytes [48, B8, B2, 75, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!GetStartupInfoW 000007fefd8fde80 6 bytes [48, B8, 14, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!GetStartupInfoW + 9 000007fefd8fde89 3 bytes [00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd905131 5 bytes [B8, 0E, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 7 000007fefd905137 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!SetFileAttributesW 000007fefd907640 6 bytes [48, B8, 9B, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!SetFileAttributesW + 9 000007fefd907649 3 bytes [00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\KERNELBASE.dll!PulseEvent + 1 000007fefd923cb1 11 bytes [B8, D7, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\msvcrt.dll!calloc + 333 000007fefdb71b21 11 bytes [B8, 05, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff61642d 11 bytes [B8, EB, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff616484 12 bytes [48, B8, 78, 79, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff616c34 12 bytes [48, B8, 8F, 79, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff617ab5 11 bytes [B8, A6, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff618b01 11 bytes [B8, BD, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff618c39 11 bytes [B8, D4, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007feff63de91 11 bytes [B8, 2A, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5108] C:\Windows\system32\ole32.dll!CLSIDFromProgID + 1 000007feff649981 11 bytes [B8, 13, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!RtlExitUserProcess + 1 0000000077804121 11 bytes [B8, 59, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077807ac1 11 bytes [B8, F7, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778192d1 5 bytes [B8, E3, 74, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 1 000000007782de21 8 bytes [B8, 2B, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 10 000000007782de2a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077831310 6 bytes [48, B8, 81, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 0000000077831318 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077831330 6 bytes [48, B8, C9, 75, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077831338 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778313a0 6 bytes [48, B8, 00, 73, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000778313a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000778313d0 6 bytes [48, B8, C3, 77, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000778313d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077831470 6 bytes [48, B8, 11, 75, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077831478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077831480 6 bytes [48, B8, AC, 77, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 0000000077831488 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077831510 6 bytes [48, B8, 50, 77, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077831518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077831520 6 bytes [48, B8, 6A, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077831528 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077831530 6 bytes [48, B8, 45, 73, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077831538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077831550 4 bytes [48, B8, 5C, 73]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 5 0000000077831555 1 byte [6F]
.text ... * 2
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077831570 6 bytes [48, B8, 53, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077831578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778315e0 6 bytes [48, B8, C6, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000778315e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077831620 6 bytes [48, B8, 2E, 73, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077831628 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077831650 6 bytes [48, B8, 22, 77, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077831658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077831670 6 bytes [48, B8, E0, 75, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077831678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077831700 6 bytes [48, B8, 7E, 77, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077831708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077831730 6 bytes [48, B8, 9E, 74, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 0000000077831738 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077831750 6 bytes [48, B8, 17, 73, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077831758 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077831780 6 bytes [48, B8, CF, 73, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077831788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077831790 6 bytes [48, B8, DD, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077831798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077831800 6 bytes [48, B8, 73, 73, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077831808 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000778318b0 6 bytes [48, B8, E6, 73, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000778318b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077831c80 6 bytes [48, B8, B5, 74, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077831c88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077831cd0 6 bytes [48, B8, 67, 77, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077831cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077831d30 6 bytes [48, B8, F4, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077831d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077831e10 6 bytes [48, B8, AF, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 0000000077831e18 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077831e40 6 bytes [48, B8, 98, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 0000000077831e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778320a0 6 bytes [48, B8, 87, 74, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000778320a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778329a0 6 bytes [48, B8, 92, 78, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000778329a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077832a80 6 bytes [48, B8, 1F, 78, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077832a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077832aa0 6 bytes [48, B8, A9, 78, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077832aa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000775c21e0 12 bytes [48, B8, 95, 77, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!SetThreadContext + 1 00000000775c2f11 8 bytes [B8, 39, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!SetThreadContext + 10 00000000775c2f1a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!AssignProcessToJobObject + 1 00000000775ca4a1 8 bytes [B8, 7B, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!AssignProcessToJobObject + 10 00000000775ca4aa 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CreateFileW + 1 00000000775d1871 11 bytes [B8, 70, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 00000000775d23d1 11 bytes [B8, A1, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CreateThread + 1 00000000775d6581 11 bytes [B8, F1, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000775de750 12 bytes [48, B8, FA, 74, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000775e1e31 11 bytes [B8, FD, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CloseHandle 00000000775e2f10 7 bytes [48, B8, 8A, 73, 27, 6F, 00]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CloseHandle + 9 00000000775e2f19 3 bytes [00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!WriteProcessMemory + 1 000000007760bad1 11 bytes [B8, DA, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!VirtualProtectEx + 1 000000007760bb71 11 bytes [B8, 36, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!VirtualAllocEx + 1 000000007760bbd1 11 bytes [B8, 4D, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CreateRemoteThread + 1 000000007760c511 8 bytes [B8, 0B, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CreateRemoteThread + 10 000000007760c51a 2 bytes [50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CheckRemoteDebuggerPresent + 1 0000000077610e11 11 bytes [B8, CC, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077615011 11 bytes [B8, 3F, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077615031 11 bytes [B8, 28, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007762a560 12 bytes [48, B8, 6D, 75, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007762a670 12 bytes [48, B8, 56, 75, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077649150 12 bytes [48, B8, 3C, 76, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007764f6c1 11 bytes [B8, B8, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!SleepEx 000007fefd8f1150 12 bytes [48, B8, 42, 74, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd8f2db1 11 bytes [B8, C0, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 1 000007fefd8f37d1 11 bytes [B8, 84, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!QueueUserAPC 000007fefd8f3d40 12 bytes [48, B8, 64, 78, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!SuspendThread + 1 000007fefd8f68c1 11 bytes [B8, 08, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW + 1 000007fefd8f8101 11 bytes [B8, 25, 76, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 12 bytes [48, B8, B2, 75, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!GetStartupInfoW 000007fefd8fde80 6 bytes [48, B8, 14, 74, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!GetStartupInfoW + 9 000007fefd8fde89 3 bytes [00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd905131 5 bytes [B8, 0E, 76, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 7 000007fefd905137 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!SetFileAttributesW 000007fefd907640 6 bytes [48, B8, 9B, 75, 27, 6F]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!SetFileAttributesW + 9 000007fefd907649 3 bytes [00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\KERNELBASE.dll!PulseEvent + 1 000007fefd923cb1 11 bytes [B8, D7, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 65 000007feff8b0761 11 bytes [B8, EE, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007feff8b3b44 12 bytes [48, B8, 78, 79, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007feff8cb704 12 bytes [48, B8, 61, 79, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007feff8cb870 12 bytes [48, B8, 19, 7A, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007feff8cb8dc 12 bytes [48, B8, 30, 7A, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\msvcrt.dll!calloc + 333 000007fefdb71b21 11 bytes [B8, 05, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff61642d 11 bytes [B8, 02, 7A, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff616484 12 bytes [48, B8, 8F, 79, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff616c34 12 bytes [48, B8, A6, 79, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff617ab5 11 bytes [B8, BD, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff618b01 11 bytes [B8, D4, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff618c39 11 bytes [B8, EB, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007feff63de91 11 bytes [B8, 41, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\ole32.dll!CLSIDFromProgID + 1 000007feff649981 11 bytes [B8, 2A, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff8413b1 11 bytes [B8, 6F, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!closesocket 000007feff8418e0 12 bytes [48, B8, CB, 7C, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff841bd1 11 bytes [B8, B4, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff8423c0 12 bytes [48, B8, 86, 7C, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!connect 000007feff8445c0 12 bytes [48, B8, E2, 7C, 27, 6F, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!WSAStartup + 1 000007feff844981 11 bytes [B8, F9, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!send + 1 000007feff848001 11 bytes [B8, 58, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff848df0 7 bytes [48, B8, 9D, 7C, 27, 6F, 00]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff848df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[3904] C:\Windows\system32\WS2_32.dll!WSAIoctl + 1 000007feff84d621 11 bytes [B8, 10, 7D, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlExitUserProcess + 1 0000000077804121 11 bytes [B8, 59, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077807ac1 11 bytes [B8, F7, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778192d1 5 bytes [B8, E3, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 1 000000007782de21 8 bytes [B8, 2B, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 10 000000007782de2a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077831310 6 bytes [48, B8, 81, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 0000000077831318 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077831330 6 bytes [48, B8, C9, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077831338 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778313a0 6 bytes [48, B8, 00, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000778313a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000778313d0 6 bytes [48, B8, C3, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000778313d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077831470 6 bytes [48, B8, 11, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077831478 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077831480 6 bytes [48, B8, AC, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 0000000077831488 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077831510 6 bytes [48, B8, 50, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077831518 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077831520 6 bytes [48, B8, 6A, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077831528 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077831530 6 bytes [48, B8, 45, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077831538 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077831550 4 bytes [48, B8, 5C, 73]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 5 0000000077831555 1 byte [6F]
.text ... * 2
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077831570 6 bytes [48, B8, 53, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077831578 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000778315e0 6 bytes [48, B8, C6, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile + 8 00000000778315e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077831620 6 bytes [48, B8, 2E, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077831628 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077831650 6 bytes [48, B8, 22, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077831658 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077831670 6 bytes [48, B8, E0, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077831678 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077831700 6 bytes [48, B8, 7E, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077831708 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077831730 6 bytes [48, B8, 9E, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent + 8 0000000077831738 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077831750 6 bytes [48, B8, 17, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077831758 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077831780 6 bytes [48, B8, CF, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077831788 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077831790 6 bytes [48, B8, DD, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077831798 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077831800 6 bytes [48, B8, 73, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077831808 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000778318b0 6 bytes [48, B8, E6, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000778318b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077831c80 6 bytes [48, B8, B5, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077831c88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077831cd0 6 bytes [48, B8, 67, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077831cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077831d30 6 bytes [48, B8, F4, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077831d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey 0000000077831e10 6 bytes [48, B8, AF, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteKey + 8 0000000077831e18 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077831e40 6 bytes [48, B8, 98, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey + 8 0000000077831e48 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000778320a0 6 bytes [48, B8, 87, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000778320a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000778329a0 6 bytes [48, B8, 92, 78, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000778329a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077832a80 6 bytes [48, B8, 1F, 78, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077832a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077832aa0 6 bytes [48, B8, A9, 78, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077832aa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 00000000775c21e0 12 bytes [48, B8, 95, 77, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!SetThreadContext + 1 00000000775c2f11 8 bytes [B8, 39, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!SetThreadContext + 10 00000000775c2f1a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!AssignProcessToJobObject + 1 00000000775ca4a1 8 bytes [B8, 7B, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!AssignProcessToJobObject + 10 00000000775ca4aa 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CreateFileW + 1 00000000775d1871 11 bytes [B8, 70, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CopyFileExW + 1 00000000775d23d1 11 bytes [B8, A1, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CreateThread + 1 00000000775d6581 11 bytes [B8, F1, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000775de750 12 bytes [48, B8, FA, 74, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 00000000775e1e31 11 bytes [B8, FD, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CloseHandle 00000000775e2f10 7 bytes [48, B8, 8A, 73, 27, 6F, 00]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CloseHandle + 9 00000000775e2f19 3 bytes [00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!WriteProcessMemory + 1 000000007760bad1 11 bytes [B8, DA, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!VirtualProtectEx + 1 000000007760bb71 11 bytes [B8, 36, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!VirtualAllocEx + 1 000000007760bbd1 11 bytes [B8, 4D, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CreateRemoteThread + 1 000000007760c511 8 bytes [B8, 0B, 77, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CreateRemoteThread + 10 000000007760c51a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CheckRemoteDebuggerPresent + 1 0000000077610e11 11 bytes [B8, CC, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000077615011 11 bytes [B8, 3F, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077615031 11 bytes [B8, 28, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007762a560 12 bytes [48, B8, 6D, 75, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007762a670 12 bytes [48, B8, 56, 75, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!CreateDirectoryExW 0000000077649150 12 bytes [48, B8, 3C, 76, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 000000007764f6c1 11 bytes [B8, B8, 73, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!SleepEx 000007fefd8f1150 12 bytes [48, B8, 42, 74, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd8f2db1 11 bytes [B8, C0, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW + 1 000007fefd8f37d1 11 bytes [B8, 84, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!QueueUserAPC 000007fefd8f3d40 12 bytes [48, B8, 64, 78, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!SuspendThread + 1 000007fefd8f68c1 11 bytes [B8, 08, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!CreateDirectoryW + 1 000007fefd8f8101 11 bytes [B8, 25, 76, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd8f8ef0 12 bytes [48, B8, B2, 75, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!GetStartupInfoW 000007fefd8fde80 6 bytes [48, B8, 14, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!GetStartupInfoW + 9 000007fefd8fde89 3 bytes [00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 1 000007fefd905131 5 bytes [B8, 0E, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!DeleteFileW + 7 000007fefd905137 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!SetFileAttributesW 000007fefd907640 6 bytes [48, B8, 9B, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!SetFileAttributesW + 9 000007fefd907649 3 bytes [00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\KERNELBASE.dll!PulseEvent + 1 000007fefd923cb1 11 bytes [B8, D7, 78, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\msvcrt.dll!calloc + 333 000007fefdb71b21 11 bytes [B8, 05, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007feff61642d 11 bytes [B8, EB, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007feff616484 12 bytes [48, B8, 78, 79, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007feff616c34 12 bytes [48, B8, 8F, 79, 27, 6F, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007feff617ab5 11 bytes [B8, A6, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007feff618b01 11 bytes [B8, BD, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007feff618c39 11 bytes [B8, D4, 79, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\ole32.dll!CoCreateInstanceEx + 1 000007feff63de91 11 bytes [B8, 2A, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[4892] C:\Windows\system32\ole32.dll!CLSIDFromProgID + 1 000007feff649981 11 bytes [B8, 13, 7C, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlExitUserProcess + 1 0000000077804121 11 bytes [B8, 59, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll + 1 0000000077807ac1 11 bytes [B8, F7, 75, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000778192d1 5 bytes [B8, E3, 74, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000778192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 1 000000007782de21 8 bytes [B8, 2B, 74, 27, 6F, 00, 00, ...]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParameters + 10 000000007782de2a 2 bytes [50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile 0000000077831310 6 bytes [48, B8, 81, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtReadFile + 8 0000000077831318 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077831330 6 bytes [48, B8, C9, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077831338 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000778313a0 6 bytes [48, B8, 00, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000778313a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey 00000000778313d0 6 bytes [48, B8, C3, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenKey + 8 00000000778313d8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077831470 6 bytes [48, B8, 11, 75, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077831478 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey 0000000077831480 6 bytes [48, B8, AC, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateKey + 8 0000000077831488 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077831510 6 bytes [48, B8, 50, 77, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077831518 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077831520 6 bytes [48, B8, 6A, 76, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile + 8 0000000077831528 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077831530 6 bytes [48, B8, 45, 73, 27, 6F]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077831538 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077831550 4 bytes [48, B8, 5C, 73]
.text C:\Windows\System32\WUDFHost.exe[5256] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 5 0000000077831555 1 byte [6F]
.text ... |