This topic is locked
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ee1d8c 5 bytes JMP 0000000173b76dd1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000076ee1ee8 5 bytes JMP 0000000173b769a9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000076ef88c4 5 bytes JMP 0000000173b71ab1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000076f20d3b 5 bytes JMP 0000000173b72009
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000076f6860f 5 bytes JMP 0000000173b74b61
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000076f6e8ab 5 bytes JMP 0000000173b71f71
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076050e00 5 bytes JMP 0000000173b71da9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076051072 5 bytes JMP 0000000173b72a21
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007605499f 5 bytes JMP 0000000173b725f9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076063bbb 5 bytes JMP 0000000173b73011
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076077327 5 bytes JMP 0000000173b72729
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000760788da 5 bytes JMP 0000000173b76451
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!WinExec 00000000760d2ff1 5 bytes JMP 0000000173b728f1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000760f748b 5 bytes JMP 0000000173b746a1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000760f74ae 5 bytes JMP 0000000173b747d1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000760f7859 5 bytes JMP 0000000173b74901
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000760f78d2 5 bytes JMP 0000000173b74a31
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075b28f8d 5 bytes JMP 0000000173b71a19
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075b2c436 5 bytes JMP 0000000173b73b59
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075b2eca6 5 bytes JMP 0000000173b73601
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075b2f206 5 bytes JMP 0000000173b72399
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075b2fa89 5 bytes JMP 0000000173b71e41
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075b31358 5 bytes JMP 0000000173b73ac1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075b3137f 5 bytes JMP 0000000173b73a29
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d29 5 bytes JMP 0000000173b71981
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075b31e15 5 bytes JMP 0000000173b724c9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32ab1 5 bytes JMP 0000000173b76029
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075b32cd9 5 bytes JMP 0000000173b75f91
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d17 5 bytes JMP 0000000173b760c1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075b32e7a 5 bytes JMP 0000000173b718e9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075b33b70 5 bytes JMP 0000000173b72269
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075b34496 5 bytes JMP 0000000173b72431
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075b34608 5 bytes JMP 0000000173b73569
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075b34631 5 bytes JMP 0000000173b72c81
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075b3c734 5 bytes JMP 0000000173b727c1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\msvcrt.dll!_lock + 41 00000000769ba472 5 bytes JMP 0000000173b76e69
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000769c27ce 5 bytes JMP 0000000173b71be1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\msvcrt.dll!__p__environ 00000000769ce6cf 5 bytes JMP 0000000173b71b49
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075bc78e2 5 bytes JMP 0000000173b74441
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075bc7bd3 5 bytes JMP 0000000173b743a9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bc8a29 5 bytes JMP 0000000173b757d9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075bc98fd 5 bytes JMP 0000000173b76289
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075bcb6ed 5 bytes JMP 0000000173b76f01
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075bcd22e 5 bytes JMP 0000000173b75871
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075bcee09 5 bytes JMP 0000000173b734d1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075bcffe6 5 bytes JMP 0000000173b76159
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075bd00d9 5 bytes JMP 0000000173b761f1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bd05ba 5 bytes JMP 0000000173b74571
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075bd0dfb 5 bytes JMP 0000000173b75909
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075bd12a5 5 bytes JMP 0000000173b76ad9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075bd20ec 5 bytes JMP 0000000173b75c99
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075bd3baa 5 bytes JMP 0000000173b76a41
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bd5f74 5 bytes JMP 0000000173b744d9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075bd6285 5 bytes JMP 0000000173b74bf9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075bd7603 5 bytes JMP 0000000173b72be9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075bd7aee 5 bytes JMP 0000000173b75c01
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075bd835c 5 bytes JMP 0000000173b72b51
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075bece54 5 bytes JMP 0000000173b75a39
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075bef52b 5 bytes JMP 0000000173b74c91
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075bef588 5 bytes JMP 0000000173b76321
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075bf10a0 5 bytes JMP 0000000173b759a1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075c1fcd6 5 bytes JMP 0000000173b75ad1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075c1fcfa 5 bytes JMP 0000000173b75b69
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000762bc9ec 3 bytes JMP 0000000173b73c89
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW + 4 00000000762bc9f0 1 byte [FD]
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000762c2b70 3 bytes JMP 0000000173b73bf1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA + 4 00000000762c2b74 1 byte [FD]
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000762c361c 3 bytes JMP 0000000173b740b1
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 4 00000000762c3620 1 byte [FD]
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000762c4965 3 bytes JMP 0000000173b76f99
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 226 00000000762c4969 1 byte [FD]
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000762d70c4 5 bytes JMP 0000000173b74311
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000762d70dc 5 bytes JMP 0000000173b73e51
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000762d70f4 5 bytes JMP 0000000173b73ee9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000762f31f4 5 bytes JMP 0000000173b73f81
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000762f3204 5 bytes JMP 0000000173b74019
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000762f3214 5 bytes JMP 0000000173b73d21
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000762f3224 5 bytes JMP 0000000173b73db9
.text C:\Program Files (x86)\Canon\CAL\CALMAIN.exe[2328] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000762f3264 5 bytes JMP 0000000173b74279
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefcd1287a 2 bytes [50, C3]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2388] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefcd1287a 2 bytes [50, C3]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007fefdac13b1 11 bytes [B8, F9, BE, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!closesocket 000007fefdac18e0 12 bytes [48, B8, 39, BD, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007fefdac1bd1 11 bytes [B8, 79, BB, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007fefdac2201 11 bytes [B8, F9, E1, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007fefdac23c0 12 bytes [48, B8, 79, A6, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!connect 000007fefdac45c0 12 bytes [48, B8, 79, 67, 60, 75, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!send + 1 000007fefdac8001 11 bytes [B8, B9, B9, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefdac8df0 7 bytes [48, B8, 39, A8, 60, 75, 00]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007fefdac8df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!socket + 1 000007fefdacde91 11 bytes [B8, F9, DA, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!recv + 1 000007fefdacdf41 11 bytes [B8, 39, E0, 60, 75, 00, 00, ...]
.text C:\Windows\system32\svchost.exe[2844] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007fefdaee0f1 11 bytes [B8, 79, DE, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 60, 75]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefcd1287a 2 bytes [50, C3]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\ADVAPI32.dll!IsTextUnicode + 49 000007fefe0d4ea1 11 bytes [B8, 79, FA, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefe0d55c8 12 bytes [48, B8, B9, 6C, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefe0eb85c 12 bytes [48, B8, F9, 6A, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigW 000007fefe0eb9d0 12 bytes [48, B8, 79, 60, 60, 75, 00, ...]
.text C:\Windows\system32\taskhost.exe[1920] C:\Windows\system32\ADVAPI32.dll!ChangeServiceConfigA 000007fefe0eba3c 12 bytes [48, B8, B9, 5E, 60, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, F9, 55, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, F9, 5C, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, 39, 5B, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, 70, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, F9, 71, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, 79, 75, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, 6E, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, B9, 5E, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 79, 60, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, B9, 73, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, B9, 65, 60, 75]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076ae0931 11 bytes [B8, F9, 63, 60, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefcd1287a 2 bytes [50, C3]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd9c642d 11 bytes [B8, 79, 4B, 60, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd9c6484 12 bytes [48, B8, 39, 46, 60, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd9c6519 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd9c6c34 12 bytes [48, B8, 79, 44, 60, 75, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd9c7ab5 11 bytes [B8, 39, 4D, 60, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd9c8b01 11 bytes [B8, F9, 47, 60, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd9c8c39 11 bytes [B8, B9, 49, 60, 75, 00, 00, ...]
.text C:\Windows\Explorer.EXE[3080] C:\Windows\system32\WS2_32.dll!connect 000007fefdac45c0 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 60, 75]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefcd1287a 2 bytes [50, C3]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3176] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000076edf928 5 bytes JMP 0000000173b76ca1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076edf9e0 5 bytes JMP 0000000173b764e9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076edfb28 5 bytes JMP 0000000173b75ef9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076edfc20 5 bytes JMP 0000000173b731d9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076edfc50 5 bytes JMP 0000000173b715f1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000076edfc80 5 bytes JMP 0000000173b71689
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076edfcb0 5 bytes JMP 0000000173b75e61
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076edfdc8 5 bytes JMP 0000000173b76c09
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076edfe14 5 bytes JMP 0000000173b730a9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000076edfe44 5 bytes JMP 0000000173b73309
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000076edff24 5 bytes JMP 0000000173b73271
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076edffa4 5 bytes JMP 0000000173b76d39
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000076edffec 5 bytes JMP 0000000173b72ee1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ee0004 5 bytes JMP 0000000173b72db1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ee00b4 5 bytes JMP 0000000173b71ed9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076ee01c4 5 bytes JMP 0000000173b72301
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ee079c 5 bytes JMP 0000000173b76b71
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000076ee0814 5 bytes JMP 0000000173b72e49
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ee08a4 5 bytes JMP 0000000173b72d19
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ee0df4 5 bytes JMP 0000000173b76581
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000076ee1604 5 bytes JMP 0000000173b74ac9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076ee1920 5 bytes JMP 0000000173b73141
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ee1be4 5 bytes JMP 0000000173b76619
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000076ee1d54 5 bytes JMP 0000000173b73439
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076ee1d70 5 bytes JMP 0000000173b733a1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ee1d8c 5 bytes JMP 0000000173b76dd1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000076ee1ee8 5 bytes JMP 0000000173b769a9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000076ef88c4 5 bytes JMP 0000000173b71ab1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000076f20d3b 5 bytes JMP 0000000173b72009
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000076f6860f 5 bytes JMP 0000000173b74b61
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000076f6e8ab 5 bytes JMP 0000000173b71f71
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076050e00 5 bytes JMP 0000000173b71da9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076051072 5 bytes JMP 0000000173b72a21
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007605499f 5 bytes JMP 0000000173b725f9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076063bbb 5 bytes JMP 0000000173b73011
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076077327 5 bytes JMP 0000000173b72729
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000760788da 5 bytes JMP 0000000173b76451
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!WinExec 00000000760d2ff1 5 bytes JMP 0000000173b728f1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000760f748b 5 bytes JMP 0000000173b746a1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000760f74ae 5 bytes JMP 0000000173b747d1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000760f7859 5 bytes JMP 0000000173b74901
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000760f78d2 5 bytes JMP 0000000173b74a31
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075b28f8d 5 bytes JMP 0000000173b71a19
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075b2c436 5 bytes JMP 0000000173b73b59
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075b2eca6 5 bytes JMP 0000000173b73601
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075b2f206 5 bytes JMP 0000000173b72399
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075b2fa89 5 bytes JMP 0000000173b71e41
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075b31358 5 bytes JMP 0000000173b73ac1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075b3137f 5 bytes JMP 0000000173b73a29
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d29 5 bytes JMP 0000000173b71981
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075b31e15 5 bytes JMP 0000000173b724c9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32ab1 5 bytes JMP 0000000173b76029
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075b32cd9 5 bytes JMP 0000000173b75f91
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d17 5 bytes JMP 0000000173b760c1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075b32e7a 5 bytes JMP 0000000173b718e9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075b33b70 5 bytes JMP 0000000173b72269
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075b34496 5 bytes JMP 0000000173b72431
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075b34608 5 bytes JMP 0000000173b73569
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075b34631 5 bytes JMP 0000000173b72c81
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075b3c734 5 bytes JMP 0000000173b727c1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075bc78e2 5 bytes JMP 0000000173b74441
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075bc7bd3 5 bytes JMP 0000000173b743a9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bc8a29 5 bytes JMP 0000000173b757d9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075bc98fd 5 bytes JMP 0000000173b76289
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075bcb6ed 5 bytes JMP 0000000173b76e69
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075bcd22e 5 bytes JMP 0000000173b75871
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075bcee09 5 bytes JMP 0000000173b734d1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075bcffe6 5 bytes JMP 0000000173b76159
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075bd00d9 5 bytes JMP 0000000173b761f1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bd05ba 5 bytes JMP 0000000173b74571
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075bd0dfb 5 bytes JMP 0000000173b75909
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075bd12a5 5 bytes JMP 0000000173b76ad9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075bd20ec 5 bytes JMP 0000000173b75c99
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075bd3baa 5 bytes JMP 0000000173b76a41
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bd5f74 5 bytes JMP 0000000173b744d9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075bd6285 5 bytes JMP 0000000173b74bf9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075bd7603 5 bytes JMP 0000000173b72be9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075bd7aee 5 bytes JMP 0000000173b75c01
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075bd835c 5 bytes JMP 0000000173b72b51
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075bece54 5 bytes JMP 0000000173b75a39
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075bef52b 5 bytes JMP 0000000173b74c91
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075bef588 5 bytes JMP 0000000173b76321
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075bf10a0 5 bytes JMP 0000000173b759a1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075c1fcd6 5 bytes JMP 0000000173b75ad1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075c1fcfa 5 bytes JMP 0000000173b75b69
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\msvcrt.dll!_lock + 41 00000000769ba472 5 bytes JMP 0000000173b76f01
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000769c27ce 5 bytes JMP 0000000173b71be1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\msvcrt.dll!__p__environ 00000000769ce6cf 5 bytes JMP 0000000173b71b49
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000762bc9ec 3 bytes JMP 0000000173b73c89
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW + 4 00000000762bc9f0 1 byte [FD]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000762c2b70 3 bytes JMP 0000000173b73bf1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA + 4 00000000762c2b74 1 byte [FD]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000762c361c 3 bytes JMP 0000000173b740b1
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 4 00000000762c3620 1 byte [FD]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000762c4965 3 bytes JMP 0000000173b76f99
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 226 00000000762c4969 1 byte [FD]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000762d70c4 5 bytes JMP 0000000173b74311
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000762d70dc 5 bytes JMP 0000000173b73e51
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000762d70f4 5 bytes JMP 0000000173b73ee9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000762f31f4 5 bytes JMP 0000000173b73f81
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000762f3204 5 bytes JMP 0000000173b74019
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000762f3214 5 bytes JMP 0000000173b73d21
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000762f3224 5 bytes JMP 0000000173b73db9
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000762f3264 5 bytes JMP 0000000173b74279
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[3276] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000074e00179 5 bytes JMP 0000000173b74d29
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000076edf928 5 bytes JMP 0000000173b76ca1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076edf9e0 5 bytes JMP 0000000173b764e9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076edfb28 5 bytes JMP 0000000173b75ef9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000076edfc20 5 bytes JMP 0000000173b731d9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000076edfc50 5 bytes JMP 0000000173b715f1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000076edfc80 5 bytes JMP 0000000173b71689
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076edfcb0 5 bytes JMP 0000000173b75e61
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076edfdc8 5 bytes JMP 0000000173b76c09
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000076edfe14 5 bytes JMP 0000000173b730a9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000076edfe44 5 bytes JMP 0000000173b73309
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000076edff24 5 bytes JMP 0000000173b73271
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076edffa4 5 bytes JMP 0000000173b76d39
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000076edffec 5 bytes JMP 0000000173b72ee1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076ee0004 5 bytes JMP 0000000173b72db1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076ee00b4 5 bytes JMP 0000000173b71ed9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000076ee01c4 5 bytes JMP 0000000173b72301
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076ee079c 5 bytes JMP 0000000173b76b71
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000076ee0814 5 bytes JMP 0000000173b72e49
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076ee08a4 5 bytes JMP 0000000173b72d19
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076ee0df4 5 bytes JMP 0000000173b76581
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000076ee1604 5 bytes JMP 0000000173b74ac9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076ee1920 5 bytes JMP 0000000173b73141
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076ee1be4 5 bytes JMP 0000000173b76619
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000076ee1d54 5 bytes JMP 0000000173b73439
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000076ee1d70 5 bytes JMP 0000000173b733a1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076ee1d8c 5 bytes JMP 0000000173b76dd1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000076ee1ee8 5 bytes JMP 0000000173b769a9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000076ef88c4 5 bytes JMP 0000000173b71ab1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000076f20d3b 5 bytes JMP 0000000173b72009
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000076f6860f 5 bytes JMP 0000000173b74b61
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000076f6e8ab 5 bytes JMP 0000000173b71f71
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 0000000076050e00 5 bytes JMP 0000000173b71da9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000076051072 5 bytes JMP 0000000173b72a21
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 000000007605499f 5 bytes JMP 0000000173b725f9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 0000000076063bbb 5 bytes JMP 0000000173b73011
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 0000000076077327 5 bytes JMP 0000000173b72729
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000760788da 5 bytes JMP 0000000173b76451
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!WinExec 00000000760d2ff1 5 bytes JMP 0000000173b728f1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 00000000760f748b 5 bytes JMP 0000000173b746a1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000760f74ae 5 bytes JMP 0000000173b747d1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 00000000760f7859 5 bytes JMP 0000000173b74901
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000760f78d2 5 bytes JMP 0000000173b74a31
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 0000000075b28f8d 5 bytes JMP 0000000173b71a19
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 0000000075b2c436 5 bytes JMP 0000000173b73b59
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 0000000075b2eca6 5 bytes JMP 0000000173b73601
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 0000000075b2f206 5 bytes JMP 0000000173b72399
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 0000000075b2fa89 5 bytes JMP 0000000173b71e41
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 0000000075b31358 5 bytes JMP 0000000173b73ac1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 0000000075b3137f 5 bytes JMP 0000000173b73a29
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075b31d29 5 bytes JMP 0000000173b71981
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 0000000075b31e15 5 bytes JMP 0000000173b724c9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075b32ab1 5 bytes JMP 0000000173b76029
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 0000000075b32cd9 5 bytes JMP 0000000173b75f91
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075b32d17 5 bytes JMP 0000000173b760c1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 0000000075b32e7a 5 bytes JMP 0000000173b718e9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 0000000075b33b70 5 bytes JMP 0000000173b72269
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!Sleep 0000000075b34496 5 bytes JMP 0000000173b72431
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 0000000075b34608 5 bytes JMP 0000000173b73569
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 0000000075b34631 5 bytes JMP 0000000173b72c81
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 0000000075b3c734 5 bytes JMP 0000000173b727c1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 00000000762bc9ec 3 bytes JMP 0000000173b73c89
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW + 4 00000000762bc9f0 1 byte [FD]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 00000000762c2b70 3 bytes JMP 0000000173b73bf1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA + 4 00000000762c2b74 1 byte [FD]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 00000000762c361c 3 bytes JMP 0000000173b740b1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle + 4 00000000762c3620 1 byte [FD]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 00000000762c4965 1 byte JMP 0000000173b76e69
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 00000000762c4967 1 byte [24]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000762d70c4 5 bytes JMP 0000000173b74311
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000762d70dc 5 bytes JMP 0000000173b73e51
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000762d70f4 5 bytes JMP 0000000173b73ee9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000762f31f4 5 bytes JMP 0000000173b73f81
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000762f3204 5 bytes JMP 0000000173b74019
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000762f3214 5 bytes JMP 0000000173b73d21
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000762f3224 5 bytes JMP 0000000173b73db9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000762f3264 5 bytes JMP 0000000173b74279
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\msvcrt.dll!_lock + 41 00000000769ba472 5 bytes JMP 0000000173b76f01
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000769c27ce 5 bytes JMP 0000000173b71be1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\msvcrt.dll!__p__environ 00000000769ce6cf 5 bytes JMP 0000000173b71b49
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075bc78e2 5 bytes JMP 0000000173b74441
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000075bc7bd3 5 bytes JMP 0000000173b743a9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075bc8a29 5 bytes JMP 0000000173b757d9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!FindWindowW 0000000075bc98fd 5 bytes JMP 0000000173b76289
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 0000000075bcb6ed 5 bytes JMP 0000000173b76f99
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075bcd22e 5 bytes JMP 0000000173b75871
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075bcee09 5 bytes JMP 0000000173b734d1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!FindWindowA 0000000075bcffe6 5 bytes JMP 0000000173b76159
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!FindWindowExA 0000000075bd00d9 5 bytes JMP 0000000173b761f1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075bd05ba 5 bytes JMP 0000000173b74571
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000075bd0dfb 5 bytes JMP 0000000173b75909
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075bd12a5 5 bytes JMP 0000000173b76ad9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!SetWindowTextW 0000000075bd20ec 5 bytes JMP 0000000173b75c99
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000075bd3baa 5 bytes JMP 0000000173b76a41
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000075bd5f74 5 bytes JMP 0000000173b744d9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075bd6285 5 bytes JMP 0000000173b74bf9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075bd7603 5 bytes JMP 0000000173b72be9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000075bd7aee 5 bytes JMP 0000000173b75c01
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075bd835c 5 bytes JMP 0000000173b72b51
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075bece54 5 bytes JMP 0000000173b75a39
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075bef52b 5 bytes JMP 0000000173b74c91
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!FindWindowExW 0000000075bef588 5 bytes JMP 0000000173b76321
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 0000000075bf10a0 5 bytes JMP 0000000173b759a1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075c1fcd6 5 bytes JMP 0000000173b75ad1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075c1fcfa 5 bytes JMP 0000000173b75b69
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 0000000074e00179 5 bytes JMP 0000000173b74d29
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!closesocket 0000000074c43918 5 bytes JMP 0000000173b75dc9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!WSASocketW 0000000074c43cd3 5 bytes JMP 0000000173b75d31
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!socket 0000000074c43eb8 5 bytes JMP 0000000173b766b1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!WSASend 0000000074c44406 5 bytes JMP 0000000173b72139
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 0000000074c44889 5 bytes JMP 0000000173b756a9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!recv 0000000074c46b0e 5 bytes JMP 0000000173b76879
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!connect 0000000074c46bdd 1 byte JMP 0000000173b741e1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!connect + 2 0000000074c46bdf 3 bytes {CALL RBP}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!send 0000000074c46f01 5 bytes JMP 0000000173b720a1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!WSARecv 0000000074c47089 5 bytes JMP 0000000173b76911
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!WSAConnect 0000000074c4cc3f 5 bytes JMP 0000000173b767e1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\WS2_32.dll!gethostbyname 0000000074c57673 5 bytes JMP 0000000173b75741
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\urlmon.dll!URLDownloadToCacheFileW 00000000767b6dd3 5 bytes JMP 0000000173b74149
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileW 00000000767b73ab 5 bytes JMP 0000000173b721d1
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\urlmon.dll!URLDownloadToFileA 000000007682d27c 5 bytes JMP 0000000173b72ab9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074b01465 2 bytes [B0, 74]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3468] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074b014bb 2 bytes [B0, 74]
.text ... * 2
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076d31c80 6 bytes [48, B8, 79, EC, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant + 8 0000000076d31c88 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess 0000000076d31cd0 6 bytes [48, B8, 79, 28, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcess + 8 0000000076d31cd8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076d31d30 6 bytes [48, B8, F9, 24, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx + 8 0000000076d31d38 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076d320a0 6 bytes [48, B8, 79, D7, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver + 8 0000000076d320a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError 0000000076d325e0 6 bytes [48, B8, 79, 83, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtRaiseHardError + 8 0000000076d325e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d327e0 6 bytes [48, B8, 39, 31, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread + 8 0000000076d327e8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076d329a0 6 bytes [48, B8, 39, D9, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation + 8 0000000076d329a8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000076d32a80 6 bytes [48, B8, 79, 3D, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess + 8 0000000076d32a88 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000076d32a90 6 bytes [48, B8, B9, 3B, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread + 8 0000000076d32a98 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076d32aa0 6 bytes [48, B8, 39, F5, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl + 8 0000000076d32aa8 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000076d32b80 6 bytes [48, B8, 39, E7, 60, 75]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl + 8 0000000076d32b88 4 bytes [00, 00, 50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\ntdll.dll!RtlReportException + 1 0000000076da3201 11 bytes [B8, 39, 85, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000076ac1b21 11 bytes [B8, F9, D3, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000076ac1c10 12 bytes [48, B8, F9, 39, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076addb80 12 bytes [48, B8, B9, 2D, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000076ae0931 11 bytes [B8, 79, E5, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 0000000076b152f1 11 bytes [B8, B9, 7A, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000076b15311 11 bytes [B8, 39, 77, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\kernel32.dll!ReadConsoleW 0000000076b2a5e0 12 bytes [48, B8, B9, 81, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\kernel32.dll!ReadConsoleA 0000000076b2a6f0 12 bytes [48, B8, 39, 7E, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefccd1861 11 bytes [B8, 79, 52, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefccd2db1 11 bytes [B8, B9, C7, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefccd3461 11 bytes [B8, 79, C9, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefccd8ef0 12 bytes [48, B8, F9, C5, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefccd94c0 12 bytes [48, B8, B9, 50, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefccdbfd1 11 bytes [B8, 39, C4, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefcce2af1 11 bytes [B8, F9, 4E, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefcd04350 12 bytes [48, B8, B9, 42, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefcd12871 8 bytes [B8, 39, 23, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefcd1287a 2 bytes [50, C3]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefcd128b1 11 bytes [B8, F9, 40, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd9c642d 11 bytes [B8, 39, 5B, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd9c6484 12 bytes [48, B8, F9, 55, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd9c6519 11 bytes [B8, 39, 62, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd9c6c34 12 bytes [48, B8, 39, 54, 60, 75, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd9c7ab5 11 bytes [B8, F9, 5C, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd9c8b01 11 bytes [B8, B9, 57, 60, 75, 00, 00, ...]
.text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe[3524] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd9c8c39 11 bytes [B8, 79, 59, 60, 75, 00, 00, ...]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 1 0000000076d192d1 5 bytes [B8, 39, 69, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateProcessParametersEx + 7 0000000076d192d7 5 bytes [00, 00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile 0000000076d31330 6 bytes [48, B8, B9, F1, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteFile + 8 0000000076d31338 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076d313a0 6 bytes [48, B8, B9, D5, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtClose + 8 0000000076d313a8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076d31470 6 bytes [48, B8, 79, C2, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess + 8 0000000076d31478 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000076d31510 6 bytes [48, B8, F9, 32, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess + 8 0000000076d31518 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000076d31530 6 bytes [48, B8, 39, 1C, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection + 8 0000000076d31538 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 0000000076d31550 6 bytes [48, B8, F9, 1D, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection + 8 0000000076d31558 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d31570 6 bytes [48, B8, B9, C0, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 0000000076d31578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076d31620 6 bytes [48, B8, 39, EE, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection + 8 0000000076d31628 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000076d31650 6 bytes [48, B8, 79, 2F, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory + 8 0000000076d31658 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000076d31670 6 bytes [48, B8, 79, 36, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject + 8 0000000076d31678 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000076d31700 6 bytes [48, B8, B9, 34, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread + 8 0000000076d31708 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076d31750 6 bytes [48, B8, 79, F3, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 8 0000000076d31758 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx 0000000076d31780 6 bytes [48, B8, 39, 2A, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateProcessEx + 8 0000000076d31788 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076d31790 6 bytes [48, B8, B9, 26, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread + 8 0000000076d31798 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076d31800 6 bytes [48, B8, F9, EF, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile + 8 0000000076d31808 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 0000000076d318b0 6 bytes [48, B8, F9, F6, 60, 75]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey + 8 0000000076d318b8 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskeng.exe[3604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant
Sign In
Create Account
