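Teil 2 des GMER-Logs:
(Die „.text"-Einträge zeigen Funktionsanfänge in Benutzermodus-DLLs, deren Code im Speicher überschrieben wurde. Die Bytefolge 48 B8 … 50 C3 entspricht mov rax, imm64 / push rax / ret; in den gezeigten Einträgen liegen alle Sprungziele im Bereich 0x7365xxxx. Solche Inline-Hooks setzen auch Sicherheitsprogramme; welches Modul diesen Adressbereich belegt, geht aus diesem Ausschnitt nicht hervor.)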
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedc4ea1 11 bytes [B8, 79, F3, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeddba3c 12 bytes [48, B8, B9, 5E, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefd9213b1 11 bytes [B8, 79, A6, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!closesocket 000007fefd9218e0 12 bytes [48, B8, B9, A4, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefd921bd1 11 bytes [B8, F9, A2, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefd922201 11 bytes [B8, 39, E0, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefd9223c0 12 bytes [48, B8, 39, 8C, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!connect 000007fefd9245c0 12 bytes [48, B8, 79, 67, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!send + 1 000007fefd928001 11 bytes [B8, 39, A1, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefd928df0 7 bytes [48, B8, B9, 8F, 65, 73, 00]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefd928df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefd92c090 12 bytes [48, B8, F9, 8D, 65, 73, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefd92de91 11 bytes [B8, 39, D9, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefd92df41 11 bytes [B8, 79, DE, 65, 73, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[1960] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefd94e0f1 11 bytes [B8, B9, DC, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077191330 6 bytes [48, B8, F9, EF, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077191338 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771913a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077191478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077191518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077191538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077191558 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077191578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077191620 6 bytes [48, B8, 79, EC, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077191628 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077191658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077191678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077191708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077191750 6 bytes [48, B8, B9, F1, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077191758 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077191788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077191798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077191800 6 bytes [48, B8, 39, EE, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077191808 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771918b0 6 bytes [48, B8, 39, F5, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771918b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191c80 6 bytes [48, B8, B9, EA, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077191c88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077191cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077191d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771920a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771925e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771927e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771929a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077192a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077192a98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077192aa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077192b88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6 0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000076f22b6a 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000076faf6ca 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd0a287a 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedc4ea1 11 bytes [B8, B9, F8, 65, 73, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text C:\Windows\system32\taskhost.exe[1844] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeddba3c 12 bytes [48, B8, B9, 5E, 65, 73, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771792d1 5 bytes [B8, F9, 55, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077191470 6 bytes [48, B8, F9, 5C, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077191478 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077191518 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077191538 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077191558 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077191570 6 bytes [48, B8, 39, 5B, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077191578 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077191620 6 bytes [48, B8, F9, 7F, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077191628 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077191658 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077191678 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077191708 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077191750 6 bytes [48, B8, B9, 81, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077191758 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077191788 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077191798 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771918b0 6 bytes [48, B8, 39, 85, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771918b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191c80 6 bytes [48, B8, 39, 7E, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077191c88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077191cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077191d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771920a0 6 bytes [48, B8, B9, 5E, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771920a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771927e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771929a0 6 bytes [48, B8, 79, 60, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771929a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077192a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077192a98 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077192aa0 6 bytes [48, B8, 79, 83, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077192aa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077192b80 6 bytes [48, B8, 79, 75, 65, 73]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077192b88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6 0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000076f22b61 8 bytes [B8, 39, 69, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000076f22b6a 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076f40931 11 bytes [B8, B9, 73, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000076faf491 11 bytes [B8, 39, 70, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000076faf691 11 bytes [B8, B9, 6C, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000076faf6c1 8 bytes [B8, B9, 65, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000076faf6ca 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd0a0c11 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd0a287a 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd39642d 11 bytes [B8, 79, 4B, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd396484 12 bytes [48, B8, 39, 46, 65, 73, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd396519 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd396c34 12 bytes [48, B8, 79, 44, 65, 73, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd397ab5 11 bytes [B8, 39, 4D, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd398b01 11 bytes [B8, F9, 47, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd398c39 11 bytes [B8, B9, 49, 65, 73, 00, 00, ...]
.text C:\Windows\Explorer.EXE[2064] C:\Windows\system32\WS2_32.dll!connect 000007fefd9245c0 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6 0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000076f22b6a 2 bytes [50, C3]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000076faf6ca 2 bytes [50, C3]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd0a287a 2 bytes [50, C3]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe[2400] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 00000000771792d1 5 bytes [B8, 39, 69, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 00000000771792d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000077191330 6 bytes [48, B8, F9, EF, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000077191338 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtClose 00000000771913a0 6 bytes [48, B8, 39, BD, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 00000000771913a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000077191470 6 bytes [48, B8, F9, A9, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000077191478 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077191510 6 bytes [48, B8, F9, 32, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000077191518 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077191530 6 bytes [48, B8, 39, 1C, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000077191538 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000077191550 6 bytes [48, B8, F9, 1D, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000077191558 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077191570 6 bytes [48, B8, 39, A8, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000077191578 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077191620 6 bytes [48, B8, 79, EC, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000077191628 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077191650 6 bytes [48, B8, 79, 2F, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000077191658 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077191670 6 bytes [48, B8, 79, 36, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000077191678 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077191700 6 bytes [48, B8, B9, 34, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000077191708 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077191750 6 bytes [48, B8, B9, F1, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000077191758 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000077191780 6 bytes [48, B8, 39, 2A, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000077191788 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077191790 6 bytes [48, B8, B9, 26, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000077191798 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077191800 6 bytes [48, B8, 39, EE, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000077191808 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771918b0 6 bytes [48, B8, 39, F5, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 00000000771918b8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077191c80 6 bytes [48, B8, B9, EA, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000077191c88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000077191cd0 6 bytes [48, B8, 79, 28, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000077191cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077191d30 6 bytes [48, B8, F9, 24, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000077191d38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000771920a0 6 bytes [48, B8, F9, BE, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 00000000771920a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 00000000771925e0 6 bytes [48, B8, 79, 83, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 00000000771925e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771927e0 6 bytes [48, B8, 39, 31, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 00000000771927e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000771929a0 6 bytes [48, B8, B9, C0, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 00000000771929a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077192a80 6 bytes [48, B8, 79, 3D, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000077192a88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077192a90 6 bytes [48, B8, B9, 3B, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000077192a98 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077192aa0 6 bytes [48, B8, 79, F3, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000077192aa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077192b80 6 bytes [48, B8, 79, E5, 65, 73]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000077192b88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000077203201 11 bytes [B8, 39, 85, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076f21b21 11 bytes [B8, 79, BB, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076f21c10 5 bytes [48, B8, F9, 39, 65]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot + 6 0000000076f21c16 6 bytes [00, 00, 00, 00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000076f22b61 8 bytes [B8, 79, D0, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000076f22b6a 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076f3db80 12 bytes [48, B8, B9, 2D, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076f40931 11 bytes [B8, B9, E3, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076f752f1 11 bytes [B8, B9, 7A, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076f75311 11 bytes [B8, 39, 77, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076f8a5e0 12 bytes [48, B8, B9, 81, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076f8a6f0 12 bytes [48, B8, 39, 7E, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 0000000076faf491 11 bytes [B8, 79, D7, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 0000000076faf691 11 bytes [B8, F9, D3, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 0000000076faf6c1 8 bytes [B8, F9, CC, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 0000000076faf6ca 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd061861 11 bytes [B8, 79, 52, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd062db1 11 bytes [B8, 39, AF, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd063461 11 bytes [B8, F9, B0, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd068ef0 12 bytes [48, B8, 79, AD, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd0694c0 12 bytes [48, B8, B9, 50, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd06bfd1 11 bytes [B8, B9, AB, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd072af1 11 bytes [B8, F9, 4E, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd094350 12 bytes [48, B8, B9, 42, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd0a0c11 11 bytes [B8, 79, C9, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd0a2871 8 bytes [B8, 39, 23, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd0a287a 2 bytes [50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd0a28b1 11 bytes [B8, F9, 40, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefd9213b1 11 bytes [B8, 79, A6, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!closesocket 000007fefd9218e0 12 bytes [48, B8, B9, A4, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefd921bd1 11 bytes [B8, F9, A2, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefd922201 11 bytes [B8, 39, E0, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefd9223c0 12 bytes [48, B8, 39, 8C, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!connect 000007fefd9245c0 12 bytes [48, B8, 79, 67, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!send + 1 000007fefd928001 11 bytes [B8, 39, A1, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefd928df0 7 bytes [48, B8, B9, 8F, 65, 73, 00]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefd928df9 3 bytes [00, 50, C3]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007fefd92c090 12 bytes [48, B8, F9, 8D, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefd92de91 11 bytes [B8, 39, D9, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefd92df41 11 bytes [B8, 79, DE, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefd94e0f1 11 bytes [B8, B9, DC, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefedc4ea1 11 bytes [B8, B9, F8, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefedc55c8 12 bytes [48, B8, B9, 6C, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefeddb85c 12 bytes [48, B8, F9, 6A, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefeddb9d0 12 bytes [48, B8, 79, 60, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefeddba3c 12 bytes [48, B8, B9, 5E, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd39642d 11 bytes [B8, 39, 5B, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd396484 12 bytes [48, B8, F9, 55, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd396519 11 bytes [B8, 39, 62, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd396c34 12 bytes [48, B8, 39, 54, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd397ab5 11 bytes [B8, F9, 5C, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd398b01 11 bytes [B8, B9, 57, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd398c39 11 bytes [B8, 79, 59, 65, 73, 00, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefc5656e0 12 bytes [48, B8, F9, C5, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefc57010c 12 bytes [48, B8, 39, C4, 65, 73, 00, ...]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2428] C:\Windows\system32\DNSAPI.dll!DnsQuery_A |