Kreuzheber | 19.01.2015 17:02 | Gmer Part 4 Code:
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724db80 12 bytes [48, B8, B9, 2D, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250931 11 bytes [B8, B9, E3, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000772852f1 11 bytes [B8, B9, 7A, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285311 11 bytes [B8, 39, 77, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a5e0 12 bytes [48, B8, B9, 81, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a6f0 12 bytes [48, B8, 39, 7E, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf491 11 bytes [B8, 79, D7, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf691 11 bytes [B8, F9, D3, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf6c1 8 bytes [B8, F9, CC, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf6ca 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd151861 11 bytes [B8, 79, 52, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd152db1 11 bytes [B8, 39, AF, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd153461 11 bytes [B8, F9, B0, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd158ef0 12 bytes [48, B8, 79, AD, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd1594c0 12 bytes [48, B8, B9, 50, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd15bfd1 11 bytes [B8, B9, AB, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd162af1 11 bytes [B8, F9, 4E, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd184350 12 bytes [48, B8, B9, 42, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd190c11 11 bytes [B8, 79, C9, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd192871 8 bytes [B8, 39, 23, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd19287a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd1928b1 11 bytes [B8, F9, 40, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefda9642d 11 bytes [B8, 39, 5B, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefda96484 12 bytes [48, B8, F9, 55, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefda96519 11 bytes [B8, 39, 62, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefda96c34 12 bytes [48, B8, 39, 54, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefda97ab5 11 bytes [B8, F9, 5C, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefda98b01 11 bytes [B8, B9, 57, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefda98c39 11 bytes [B8, 79, 59, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd813b1 11 bytes [B8, 79, A6, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd818e0 12 bytes [48, B8, B9, A4, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd81bd1 11 bytes [B8, F9, A2, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd82201 11 bytes [B8, 39, E0, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd823c0 12 bytes [48, B8, 39, 8C, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!connect 000007fefdd845c0 12 bytes [48, B8, 79, 67, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd88001 11 bytes [B8, 39, A1, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd88df0 7 bytes [48, B8, B9, 8F, BF, 75, 00]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd88df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd8c090 12 bytes [48, B8, F9, 8D, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd8de91 11 bytes [B8, 39, D9, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd8df41 11 bytes [B8, 79, DE, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefddae0f1 11 bytes [B8, B9, DC, BF, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc7756e0 12 bytes [48, B8, F9, C5, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc78010c 12 bytes [48, B8, 39, C4, BF, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[3480] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefc79daa0 12 bytes [48, B8, 79, C2, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000773892d1 5 bytes [B8, 39, 69, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000773892d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000773a13a0 6 bytes [48, B8, 39, BD, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000773a13a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000773a1470 6 bytes [48, B8, F9, A9, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000773a1478 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773a1510 6 bytes [48, B8, F9, 32, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000773a1518 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773a1530 6 bytes [48, B8, 39, 1C, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000773a1538 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000773a1550 6 bytes [48, B8, F9, 1D, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000773a1558 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773a1570 6 bytes [48, B8, 39, A8, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000773a1578 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773a1650 6 bytes [48, B8, 79, 2F, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000773a1658 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773a1670 6 bytes [48, B8, 79, 36, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000773a1678 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773a1700 6 bytes [48, B8, B9, 34, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000773a1708 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000773a1780 6 bytes [48, B8, 39, 2A, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000773a1788 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773a1790 6 bytes [48, B8, B9, 26, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000773a1798 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000773a1cd0 6 bytes [48, B8, 79, 28, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000773a1cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773a1d30 6 bytes [48, B8, F9, 24, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000773a1d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773a20a0 6 bytes [48, B8, F9, BE, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000773a20a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000773a25e0 6 bytes [48, B8, 79, 83, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000773a25e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773a27e0 6 bytes [48, B8, 39, 31, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000773a27e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773a29a0 6 bytes [48, B8, B9, C0, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000773a29a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773a2a80 6 bytes [48, B8, 79, 3D, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000773a2a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773a2a90 6 bytes [48, B8, B9, 3B, BF, 75]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000773a2a98 4 bytes [00, 00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077413201 11 bytes [B8, 39, 85, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, 79, BB, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, 79, D0, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724db80 12 bytes [48, B8, B9, 2D, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250931 11 bytes [B8, B9, E3, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000772852f1 11 bytes [B8, B9, 7A, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285311 11 bytes [B8, 39, 77, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a5e0 12 bytes [48, B8, B9, 81, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a6f0 12 bytes [48, B8, 39, 7E, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf491 11 bytes [B8, 79, D7, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf691 11 bytes [B8, F9, D3, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf6c1 8 bytes [B8, F9, CC, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf6ca 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd151861 11 bytes [B8, 79, 52, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd152db1 11 bytes [B8, 39, AF, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd153461 11 bytes [B8, F9, B0, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd158ef0 12 bytes [48, B8, 79, AD, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd1594c0 12 bytes [48, B8, B9, 50, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd15bfd1 11 bytes [B8, B9, AB, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd162af1 11 bytes [B8, F9, 4E, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd184350 12 bytes [48, B8, B9, 42, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd190c11 11 bytes [B8, 79, C9, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd192871 8 bytes [B8, 39, 23, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd19287a 2 bytes [50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd1928b1 11 bytes [B8, F9, 40, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefda9642d 11 bytes [B8, 39, 5B, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefda96484 12 bytes [48, B8, F9, 55, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefda96519 11 bytes [B8, 39, 62, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefda96c34 12 bytes [48, B8, 39, 54, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefda97ab5 11 bytes [B8, F9, 5C, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefda98b01 11 bytes [B8, B9, 57, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefda98c39 11 bytes [B8, 79, 59, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdd813b1 11 bytes [B8, 79, A6, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdd818e0 12 bytes [48, B8, B9, A4, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdd81bd1 11 bytes [B8, F9, A2, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdd82201 11 bytes [B8, 39, E0, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdd823c0 12 bytes [48, B8, 39, 8C, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!connect 000007fefdd845c0 12 bytes [48, B8, 79, 67, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdd88001 11 bytes [B8, 39, A1, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdd88df0 7 bytes [48, B8, B9, 8F, BF, 75, 00]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdd88df9 3 bytes [00, 50, C3]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefdd8c090 12 bytes [48, B8, F9, 8D, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdd8de91 11 bytes [B8, 39, D9, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdd8df41 11 bytes [B8, 79, DE, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefddae0f1 11 bytes [B8, B9, DC, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefde14ea1 11 bytes [B8, F9, E8, BF, 75, 00, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefde155c8 12 bytes [48, B8, B9, 6C, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefde2b85c 12 bytes [48, B8, F9, 6A, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefde2b9d0 12 bytes [48, B8, 79, 60, BF, 75, 00, ...]
.text C:\Windows\System32\svchost.exe[3584] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefde2ba3c 12 bytes [48, B8, B9, 5E, BF, 75, 00, ...]
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007754f9e0 5 bytes JMP 000000007ef35c99
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007754fb28 5 bytes JMP 000000007ef356a9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007754fc20 5 bytes JMP 000000007ef331d9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 000000007754fc50 5 bytes JMP 000000007ef315f1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 000000007754fc80 5 bytes JMP 000000007ef31689
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007754fcb0 5 bytes JMP 000000007ef35611
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007754fe14 5 bytes JMP 000000007ef330a9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007754fe44 5 bytes JMP 000000007ef33309
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 000000007754ff24 5 bytes JMP 000000007ef33271
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 000000007754ffec 5 bytes JMP 000000007ef32ee1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077550004 5 bytes JMP 000000007ef32db1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000775500b4 5 bytes JMP 000000007ef31ed9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000775501c4 5 bytes JMP 000000007ef32301
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077550814 5 bytes JMP 000000007ef32e49
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000775508a4 5 bytes JMP 000000007ef32d19
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077550df4 5 bytes JMP 000000007ef35d31
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077551604 5 bytes JMP 000000007ef34ac9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077551920 5 bytes JMP 000000007ef33141
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077551be4 5 bytes JMP 000000007ef35dc9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077551d54 5 bytes JMP 000000007ef33439
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077551d70 5 bytes JMP 000000007ef333a1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077551ee8 5 bytes JMP 000000007ef36911
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 00000000775688c4 5 bytes JMP 000000007ef31ab1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077590d3b 5 bytes JMP 000000007ef32009
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 00000000775d860f 5 bytes JMP 000000007ef34b61
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 00000000775de8ab 5 bytes JMP 000000007ef31f71
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000752c0e00 5 bytes JMP 000000007ef31da9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000752c1072 5 bytes JMP 000000007ef32a21
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000752c499f 5 bytes JMP 000000007ef325f9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000752d3bbb 5 bytes JMP 000000007ef33011
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000752d9aa4 5 bytes JMP 000000007ef36581
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000752d9b05 5 bytes JMP 000000007ef36321
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000752e7327 5 bytes JMP 000000007ef32729
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000752e88da 5 bytes JMP 000000007ef35c01
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000752eccb1 5 bytes JMP 000000007ef361f1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000752eccd1 5 bytes JMP 000000007ef36451
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075342ff1 5 bytes JMP 000000007ef328f1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007536748b 5 bytes JMP 000000007ef346a1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000753674ae 5 bytes JMP 000000007ef347d1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075367859 5 bytes JMP 000000007ef34901
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000753678d2 5 bytes JMP 000000007ef34a31
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000757f8f8d 5 bytes JMP 000000007ef31a19
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000757fc436 5 bytes JMP 000000007ef33b59
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000757feca6 5 bytes JMP 000000007ef33601
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000757ff206 5 bytes JMP 000000007ef32399
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000757ffa89 5 bytes JMP 000000007ef31e41
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000757ffbb7 5 bytes JMP 000000007ef360c1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075801358 5 bytes JMP 000000007ef33ac1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 000000007580137f 5 bytes JMP 000000007ef33a29
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075801d29 5 bytes JMP 000000007ef31981
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075801e15 5 bytes JMP 000000007ef324c9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075802ab1 5 bytes JMP 000000007ef357d9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075802cd9 5 bytes JMP 000000007ef35741
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075802d17 5 bytes JMP 000000007ef35871
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075802e7a 5 bytes JMP 000000007ef318e9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075803b70 5 bytes JMP 000000007ef32269
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075804496 5 bytes JMP 000000007ef32431
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075804608 5 bytes JMP 000000007ef33569
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075804631 5 bytes JMP 000000007ef32c81
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 000000007580c734 5 bytes JMP 000000007ef327c1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000755bc9ec 5 bytes JMP 000000007ef33c89
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000755c2b70 5 bytes JMP 000000007ef33bf1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000755c361c 5 bytes JMP 000000007ef340b1
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000755c4965 5 bytes JMP 000000007ef36c09
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000755d70c4 5 bytes JMP 000000007ef34311
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000755d70dc 5 bytes JMP 000000007ef33e51
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000755d70f4 5 bytes JMP 000000007ef33ee9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000755f31f4 5 bytes JMP 000000007ef33f81
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000755f3204 5 bytes JMP 000000007ef34019
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000755f3214 5 bytes JMP 000000007ef33d21
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000755f3224 5 bytes JMP 000000007ef33db9
.text C:\PROGRA~2\Raptr\raptr_im.exe[3944] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000755f3264 5 bytes JMP 000000007ef34279
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000773892d1 5 bytes [B8, 39, 69, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000773892d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000773a13a0 6 bytes [48, B8, 39, BD, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000773a13a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000773a1470 6 bytes [48, B8, F9, A9, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000773a1478 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773a1510 6 bytes [48, B8, F9, 32, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000773a1518 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773a1530 6 bytes [48, B8, 39, 1C, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000773a1538 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000773a1550 6 bytes [48, B8, F9, 1D, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000773a1558 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773a1570 6 bytes [48, B8, 39, A8, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000773a1578 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773a1650 6 bytes [48, B8, 79, 2F, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000773a1658 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773a1670 6 bytes [48, B8, 79, 36, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000773a1678 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773a1700 6 bytes [48, B8, B9, 34, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000773a1708 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000773a1780 6 bytes [48, B8, 39, 2A, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000773a1788 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773a1790 6 bytes [48, B8, B9, 26, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000773a1798 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000773a1cd0 6 bytes [48, B8, 79, 28, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000773a1cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773a1d30 6 bytes [48, B8, F9, 24, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000773a1d38 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773a20a0 6 bytes [48, B8, F9, BE, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000773a20a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000773a25e0 6 bytes [48, B8, 79, 83, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000773a25e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773a27e0 6 bytes [48, B8, 39, 31, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000773a27e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773a29a0 6 bytes [48, B8, B9, C0, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000773a29a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773a2a80 6 bytes [48, B8, 79, 3D, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000773a2a88 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773a2a90 6 bytes [48, B8, B9, 3B, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000773a2a98 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773a2b80 6 bytes [48, B8, 79, E5, BF, 75]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000773a2b88 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077413201 11 bytes [B8, 39, 85, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, 79, BB, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, 79, D0, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724db80 12 bytes [48, B8, B9, 2D, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250931 11 bytes [B8, B9, E3, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000772852f1 11 bytes [B8, B9, 7A, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285311 11 bytes [B8, 39, 77, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a5e0 12 bytes [48, B8, B9, 81, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a6f0 12 bytes [48, B8, 39, 7E, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf491 11 bytes [B8, 79, D7, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf691 11 bytes [B8, F9, D3, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf6c1 8 bytes [B8, F9, CC, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf6ca 2 bytes [50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd151861 11 bytes [B8, 79, 52, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd152db1 11 bytes [B8, 39, AF, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd153461 11 bytes [B8, F9, B0, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd158ef0 12 bytes [48, B8, 79, AD, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd1594c0 12 bytes [48, B8, B9, 50, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd15bfd1 11 bytes [B8, B9, AB, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd162af1 11 bytes [B8, F9, 4E, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd184350 12 bytes [48, B8, B9, 42, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd190c11 11 bytes [B8, 79, C9, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd192871 8 bytes [B8, 39, 23, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd19287a 2 bytes [50, C3]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd1928b1 11 bytes [B8, F9, 40, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefda9642d 11 bytes [B8, 39, 5B, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefda96484 12 bytes [48, B8, F9, 55, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefda96519 11 bytes [B8, 39, 62, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefda96c34 12 bytes [48, B8, 39, 54, BF, 75, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefda97ab5 11 bytes [B8, F9, 5C, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefda98b01 11 bytes [B8, B9, 57, BF, 75, 00, 00, ...]
.text C:\Program Files (x86)\Raptr\raptr_ep64.exe[4644] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefda98c39 11 bytes [B8, 79, 59, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000773892d1 5 bytes [B8, 39, 54, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000773892d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000773a1470 6 bytes [48, B8, 39, 5B, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000773a1478 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773a1510 6 bytes [48, B8, F9, 32, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000773a1518 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773a1530 6 bytes [48, B8, 39, 1C, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000773a1538 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000773a1550 6 bytes [48, B8, F9, 1D, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000773a1558 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773a1570 6 bytes [48, B8, 79, 59, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000773a1578 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773a1650 6 bytes [48, B8, 79, 2F, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000773a1658 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773a1670 6 bytes [48, B8, 79, 36, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000773a1678 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773a1700 6 bytes [48, B8, B9, 34, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000773a1708 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000773a1780 6 bytes [48, B8, 39, 2A, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000773a1788 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773a1790 6 bytes [48, B8, B9, 26, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000773a1798 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000773a1800 6 bytes [48, B8, 79, 60, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 00000000773a1808 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000773a1cd0 6 bytes [48, B8, 79, 28, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000773a1cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773a1d30 6 bytes [48, B8, F9, 24, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000773a1d38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773a20a0 6 bytes [48, B8, F9, 5C, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000773a20a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773a27e0 6 bytes [48, B8, 39, 31, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000773a27e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773a29a0 6 bytes [48, B8, B9, 5E, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000773a29a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773a2a80 6 bytes [48, B8, 79, 3D, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000773a2a88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773a2a90 6 bytes [48, B8, B9, 3B, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000773a2a98 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773a2b80 6 bytes [48, B8, 79, 75, BF, 75]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000773a2b88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, BF, 75, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, 39, 69, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724db80 12 bytes [48, B8, B9, 2D, BF, 75, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250931 11 bytes [B8, B9, 73, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf491 11 bytes [B8, 39, 70, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf691 11 bytes [B8, B9, 6C, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf6c1 8 bytes [B8, B9, 65, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf6ca 2 bytes [50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd184350 12 bytes [48, B8, B9, 42, BF, 75, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd190c11 11 bytes [B8, 39, 62, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd192871 8 bytes [B8, 39, 23, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd19287a 2 bytes [50, C3]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd1928b1 11 bytes [B8, F9, 40, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefda9642d 11 bytes [B8, 79, 4B, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefda96484 12 bytes [48, B8, 39, 46, BF, 75, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefda96519 11 bytes [B8, 79, 52, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefda96c34 12 bytes [48, B8, 79, 44, BF, 75, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefda97ab5 11 bytes [B8, 39, 4D, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefda98b01 11 bytes [B8, F9, 47, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefda98c39 11 bytes [B8, B9, 49, BF, 75, 00, 00, ...]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2120] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007fefd5c3681 11 bytes [B8, 39, 77, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000773892d1 5 bytes [B8, 39, 69, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000773892d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000773a13a0 6 bytes [48, B8, 39, BD, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000773a13a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 00000000773a1470 6 bytes [48, B8, F9, A9, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 00000000773a1478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773a1510 6 bytes [48, B8, F9, 32, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 00000000773a1518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000773a1530 6 bytes [48, B8, 39, 1C, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 00000000773a1538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000773a1550 6 bytes [48, B8, F9, 1D, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 00000000773a1558 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773a1570 6 bytes [48, B8, 39, A8, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000773a1578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773a1650 6 bytes [48, B8, 79, 2F, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 00000000773a1658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773a1670 6 bytes [48, B8, 79, 36, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 00000000773a1678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000773a1700 6 bytes [48, B8, B9, 34, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 00000000773a1708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 00000000773a1780 6 bytes [48, B8, 39, 2A, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 00000000773a1788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773a1790 6 bytes [48, B8, B9, 26, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 00000000773a1798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 00000000773a1cd0 6 bytes [48, B8, 79, 28, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 00000000773a1cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773a1d30 6 bytes [48, B8, F9, 24, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 00000000773a1d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773a20a0 6 bytes [48, B8, F9, BE, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000773a20a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000773a25e0 6 bytes [48, B8, 79, 83, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000773a25e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773a27e0 6 bytes [48, B8, 39, 31, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000773a27e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773a29a0 6 bytes [48, B8, B9, C0, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000773a29a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773a2a80 6 bytes [48, B8, 79, 3D, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 00000000773a2a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773a2a90 6 bytes [48, B8, B9, 3B, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 00000000773a2a98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773a2b80 6 bytes [48, B8, 79, E5, BF, 75]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 00000000773a2b88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077413201 11 bytes [B8, 39, 85, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077231b21 11 bytes [B8, 79, BB, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077231c10 12 bytes [48, B8, F9, 39, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077232b61 8 bytes [B8, 79, D0, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077232b6a 2 bytes [50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007724db80 12 bytes [48, B8, B9, 2D, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077250931 11 bytes [B8, B9, E3, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000772852f1 11 bytes [B8, B9, 7A, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077285311 11 bytes [B8, 39, 77, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007729a5e0 12 bytes [48, B8, B9, 81, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007729a6f0 12 bytes [48, B8, 39, 7E, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000772bf491 11 bytes [B8, 79, D7, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000772bf691 11 bytes [B8, F9, D3, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000772bf6c1 8 bytes [B8, F9, CC, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000772bf6ca 2 bytes [50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd151861 11 bytes [B8, 79, 52, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd152db1 11 bytes [B8, 39, AF, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd153461 11 bytes [B8, F9, B0, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd158ef0 12 bytes [48, B8, 79, AD, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd1594c0 12 bytes [48, B8, B9, 50, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd15bfd1 11 bytes [B8, B9, AB, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd162af1 11 bytes [B8, F9, 4E, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd184350 12 bytes [48, B8, B9, 42, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd190c11 11 bytes [B8, 79, C9, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd192871 8 bytes [B8, 39, 23, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd19287a 2 bytes [50, C3]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd1928b1 11 bytes [B8, F9, 40, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefda9642d 11 bytes [B8, 39, 5B, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefda96484 12 bytes [48, B8, F9, 55, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefda96519 11 bytes [B8, 39, 62, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefda96c34 12 bytes [48, B8, 39, 54, BF, 75, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefda97ab5 11 bytes [B8, F9, 5C, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefda98b01 11 bytes [B8, B9, 57, BF, 75, 00, 00, ...]
.text C:\Windows\system32\ctfmon.exe[4848] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefda98c39 11 bytes [B8, 79, 59, BF, 75, 00, 00, ...]
---- Processes - GMER 2.1 ----
Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [832] (FILE NOT FOUND) 000007fefb5f0000
Process C:\Users\Gamestation 1\AppData\Roaming\InetStat\inetstat.exe (*** suspicious ***) @ C:\Users\Gamestation 1\AppData\Roaming\InetStat\inetstat.exe [3344](2015-01-11 08:11:22) 0000000000400000
---- EOF - GMER 2.1 ----

Mbar Code:
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org
Database version: v2015.01.19.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Gamestation 1 :: GAMESTATION1-PC [administrator]
19.01.2015 14:05:00
mbar-log-2015-01-19 (14-05-00).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 323615
Time elapsed: 9 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

I hope I did all of this correctly.