GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-11 20:38:21
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xB3E58040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB3E54930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xB3E5FA80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB3E58510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xB3E5E870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xB3E5EAA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xB3E61FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB3E58600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB3E54F20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xB3E606E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xB3E60440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xB3E5E580]
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadDriver [0xB3E523F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xB3E608B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xB3E62270]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB3E54D70]
SSDT sptd.sys ZwOpenKey [0xBA6BE0B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xB3E5E350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xB3E5E150]
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xB3E61250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xB3E60CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xB3E57C00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xB3E61080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xB3E58220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB3E55120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetSystemInformation [0xB3E521C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xB3E60140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xB3E5ECD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwUnloadDriver [0xB3E525F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xB4216384]

INT 0x20 srescan.sys BA4FAC90

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BED 805047ED 11 Bytes CALL 6AF0FBD7
? C:\WINDOWS\system32\drivers\sptd.sys 程序無法存取檔案,因為檔案正由另一個程序使用。
? jskskdrv.sys 系統找不到指定的檔案。 !
? srescan.sys 系統找不到指定的檔案。 !
? ida8.sys 系統找不到指定的檔案。 !
.text USBPORT.SYS!DllUnload B9C9862C 5 Bytes JMP 8A4F4770
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys 系統找不到指定的檔案。 !

---- User code sections - GMER 1.0.14 ---- .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + FFFF5059 77FC1185 1 Byte [ 08 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + FFFF505C 77FC1188 5 Bytes [ 7C, 
D1, 00, 00, 38 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + FFFF5064 77FC1190 2 Bytes [ 00, 00 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + FFFF5068 77FC1194 1 Byte [ 00 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + FFFF506C 77FC1198 1 Byte [ 00 ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExW + 29 77FC1CA3 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExW + 33 77FC1CAD 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExW + 46 77FC1CC0 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExW + 53 77FC1CCD 5 Bytes [ 00, 00, 00, 00, 00 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExW + 59 77FC1CD3 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExA + 11 77FC1DE5 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExA + 32 77FC1E06 33 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExA + 55 77FC1E29 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExA + 7C 77FC1E50 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetUserNameExA + 93 77FC1E67 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text ... 
.text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredMarshalTargetInfo + 8A 77FC1F84 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredMarshalTargetInfo + 9D 77FC1F97 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredMarshalTargetInfo + BB 77FC1FB5 52 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredMarshalTargetInfo + F0 77FC1FEA 350 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredMarshalTargetInfo + 24F 77FC2149 68 Bytes [ 00, 00, 00, CC, D7, DA, 77, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaFreeReturnBuffer + 23 77FC218E 13 Bytes [ 00, 00, A4, 14, 00, 00, 01, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaCallAuthenticationPackage + 9 77FC219C 1 Byte [ 4C ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaCallAuthenticationPackage + B 77FC219E 9 Bytes [ 00, 00, AC, 11, 00, 00, DC, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaCallAuthenticationPackage + 15 77FC21A8 35 Bytes [ 0C, 14, 00, 00, A8, 9F, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaCallAuthenticationPackage + 39 77FC21CC 10 Bytes [ 85, 8B, 00, 00, 34, A3, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaCallAuthenticationPackage + 44 77FC21D7 8 Bytes [ 00, FA, 1E, 00, 00, 2C, 85, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!FreeContextBuffer + B1 77FC293F 47 Bytes [ 51, 75, 65, 72, 79, 53, 65, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!FreeContextBuffer + E1 77FC296F 150 Bytes [ 53, 61, 73, 6C, 41, 63, 63, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!FreeContextBuffer + 178 77FC2A06 134 Bytes [ 50, 61, 63, 6B, 61, 67, 65, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!EnumerateSecurityPackagesW + 67 77FC2A8D 85 Bytes [ 4C, 6F, 63, 61, 6C, 65, 53, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!EnumerateSecurityPackagesW + BD 77FC2AE3 161 Bytes [ 53, 65, 63, 70, 54, 72, 61, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!EnumerateSecurityPackagesW + 15F 77FC2B85 76 Bytes [ 75, 10, 8B, 7D, 08, 56, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!FreeCredentialsHandle + 31 77FC2BD2 26 Bytes [ 55, 8B, EC, 51, 51, 83, 65, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!FreeCredentialsHandle + 4E 77FC2BEF 8 Bytes [ 85, C0, 74, 08, 8B, 0D, 28, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!FreeCredentialsHandle + 57 77FC2BF8 56 Bytes [ 77, 89, 08, 33, C0, C9, C2, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!FreeCredentialsHandle + 90 77FC2C31 54 Bytes [ FF, FF, FF, 89, 45, F8, 8D, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!FreeCredentialsHandle + C7 77FC2C68 19 Bytes [ F7, C1, 00, 00, FF, FF, 0F, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityContext + 15 77FC2D32 1 Byte [ FE ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityContext + 17 77FC2D34 62 Bytes [ FF, 50, 50, FF, 75, FC, 66, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityContext + 56 77FC2D73 1 Byte [ FF ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityContext + 58 77FC2D75 45 Bytes [ D8, 3B, DE, 7C, 44, F6, 85, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityContext + 86 77FC2DA3 83 Bytes [ 00, 00, 75, 17, 8B, 7F, 04, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AcquireCredentialsHandleW + 20 77FC3133 50 Bytes [ 55, 8B, EC, 8B, 45, 0C, 83, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AcquireCredentialsHandleW + 53 77FC3166 5 Bytes [ 90, 90, 90, 90, 90 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AcquireCredentialsHandleW + 59 77FC316C 8 Bytes [ FF, 55, 8B, EC, 51, 83, 65, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AcquireCredentialsHandleW + 62 77FC3175 55 Bytes [ 68, 00, 80, 00, 00, 8D, 45, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AcquireCredentialsHandleW + 9A 77FC31AD 106 Bytes [ FF, 8B, 45, 10, 89, 85, 7C, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!MakeSignature + 2 77FC32E9 27 Bytes [ FF, FF, 68, 94, E0, FC, 77, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!MakeSignature + 1E 77FC3305 388 Bytes [ 70, 0C, FF, 15, A8, 10, FC, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaLogonUser + A2 77FC348A 79 Bytes [ 00, 00, 33, C0, A3, FC, E0, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryCredentialsAttributesW + 2 77FC34DA 10 Bytes [ 15, 54, 10, FC, 77, 8B, C3, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryCredentialsAttributesW + D 77FC34E5 3 Bytes [ FF, C2, 04 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryCredentialsAttributesW + 11 77FC34E9 172 Bytes [ 90, 90, 90, 90, 90, 90, 90, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryCredentialsAttributesW + BE 77FC3596 58 Bytes [ 00, 00, 83, 7D, FC, 00, 8B, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryCredentialsAttributesW + F9 77FC35D1 112 Bytes [ 53, 56, 68, 94, E0, FC, 77, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QuerySecurityPackageInfoW + 30 77FC38A5 40 Bytes [ 00, FF, 15, 3C, 11, FC, 77, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QuerySecurityPackageInfoW + 59 77FC38CE 41 Bytes [ 35, 78, E0, FC, 77, 85, F6, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QuerySecurityPackageInfoW + 83 77FC38F8 170 Bytes [ 85, B7, 47, 00, 00, A3, 78, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitSecurityInterfaceA + 36 77FC39A3 9 Bytes [ 83, 65, FC, 00, 8B, 75, 0C, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitSecurityInterfaceA + 42 77FC39AF 8 Bytes [ 69, 83, F8, FF, 74, 64, 8B, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitSecurityInterfaceA + 4B 77FC39B8 21 Bytes [ 15, F4, 10, FC, 77, 3B, F8, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitSecurityInterfaceA + 61 77FC39CE 18 Bytes [ 85, C0, 74, 25, 8B, 48, 14, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitSecurityInterfaceA + 74 77FC39E1 34 Bytes [ 00, 74, 28, F6, C1, 01, 8B, ... ] .text ... 
.text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaRegisterPolicyChangeNotification + 7D 77FC4B52 5 Bytes [ 15, 7C, 11, FC, 77 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaRegisterPolicyChangeNotification + 83 77FC4B58 59 Bytes [ C0, 0F, 85, 10, 36, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaRegisterPolicyChangeNotification + BF 77FC4B94 61 Bytes [ C5, 26, 00, 00, 3B, C3, 0F, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaLookupAuthenticationPackage + 20 77FC4BD2 7 Bytes [ 53, 57, FF, 75, FC, FF, D6 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaLookupAuthenticationPackage + 28 77FC4BDA 57 Bytes [ 75, FC, 8B, F0, FF, 15, 64, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaLookupAuthenticationPackage + 63 77FC4C15 8 Bytes [ 85, C0, 0F, 84, 99, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaLookupAuthenticationPackage + 6C 77FC4C1E 37 Bytes [ 45, F4, EB, E6, 90, 90, 20, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaLookupAuthenticationPackage + 92 77FC4C44 21 Bytes [ 69, 00, 64, 00, 65, 00, 72, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaRegisterLogonProcess + B 77FC4D32 39 Bytes [ 90, 90, 56, 00, 65, 00, 72, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaRegisterLogonProcess + 33 77FC4D5A 72 Bytes [ 69, 00, 6C, 00, 69, 00, 74, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaRegisterLogonProcess + 7C 77FC4DA3 78 Bytes [ C0, 8B, 4D, 08, 89, 41, 04, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaRegisterLogonProcess + CB 77FC4DF2 1 Byte [ 2E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaRegisterLogonProcess + CD 77FC4DF4 21 Bytes [ 44, 00, 4C, 00, 4C, 00, 00, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaConnectUntrusted + 2F 77FC4EDA 13 Bytes JMP 77FC57C4 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaConnectUntrusted + 3D 77FC4EE8 46 Bytes JMP 77FC57C1 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaConnectUntrusted + 6D 77FC4F18 63 Bytes [ 8B, 4D, 0C, 89, 01, 8B, 45, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaConnectUntrusted + AD 77FC4F58 38 Bytes [ 00, A1, CC, E0, FC, 77, 57, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaConnectUntrusted + D4 77FC4F7F 16 Bytes [ 8B, C8, B8, 00, 00, 00, C0, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AcceptSecurityContext + 1 77FC536A 434 Bytes [ 45, F0, 66, 89, 46, 30, 8D, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryContextAttributesW + C6 77FC551D 116 Bytes [ 77, 5E, 5D, C2, 04, 00, 90, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!RevertSecurityContext + 17 77FC5592 12 Bytes [ 45, 88, 89, 45, F8, 8D, 45, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!RevertSecurityContext + 24 77FC559F 28 Bytes [ FF, 8B, F0, 85, F6, 0F, 84, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!RevertSecurityContext + 44 77FC55BF 9 Bytes [ 90, 8B, FF, 55, 8B, EC, 81, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!RevertSecurityContext + 4F 77FC55CA 71 Bytes [ 00, 56, 57, 33, F6, 66, 89, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!RevertSecurityContext + 97 77FC5612 25 Bytes [ FF, 89, 7D, FC, 0F, 84, E4, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextW + E 77FC5BF8 5 Bytes [ 00, 83, A5, 5C, FF ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextW + 14 77FC5BFE 11 Bytes [ FF, 00, 83, C4, 0C, 85, C0, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextW + 20 77FC5C0A 8 Bytes [ FF, FF, 90, 00, 66, C7, 85, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextW + 29 77FC5C13 48 Bytes [ FF, FF, A8, 00, 75, 2B, 8D, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextW + 5A 77FC5C44 26 Bytes [ 8D, 8D, 58, FF, FF, FF, 51, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecCacheSspiPackages + 21 77FC5F8C 46 Bytes [ FF, FF, 8C, 00, 00, 00, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecCacheSspiPackages + 50 77FC5FBB 13 Bytes [ B0, 10, FC, 77, 3B, C3, 7C, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecCacheSspiPackages + 5E 77FC5FC9 71 Bytes [ 5F, 8B, 4D, FC, 5E, 5B, E8, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecCacheSspiPackages + A6 77FC6011 23 Bytes JMP 77FC6436 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecCacheSspiPackages + BE 77FC6029 62 Bytes JMP 77FC3630 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaDeregisterLogonProcess + 15 77FC7C72 29 Bytes [ 66, 89, 9D, 22, FF, FF, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaDeregisterLogonProcess + 34 77FC7C91 1 Byte [ FF ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaDeregisterLogonProcess + 36 77FC7C93 10 Bytes JMP 77FC406A C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaDeregisterLogonProcess + 41 77FC7C9E 17 Bytes JMP 77FC3CB6 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaDeregisterLogonProcess + 53 77FC7CB0 20 Bytes [ B8, 08, 03, 09, 80, E9, F1, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredUnmarshalTargetInfo + 2 77FC852E 72 Bytes [ 15, 64, 11, FC, 77, 8B, C7, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredUnmarshalTargetInfo + 4B 77FC8577 110 Bytes [ ED, FF, FF, 85, C0, 74, 5C, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredUnmarshalTargetInfo + BB 77FC85E7 84 Bytes JMP 77FC4867 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredUnmarshalTargetInfo + 111 77FC863D 120 Bytes [ 56, FF, 15, 50, 10, FC, 77, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CredUnmarshalTargetInfo + 18A 77FC86B6 26 Bytes JMP 77FC624A C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecGetLocaleSpecificEncryptionRules + 27 77FC8AF6 52 Bytes [ FF, 6A, 08, FF, 15, BC, 10, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecGetLocaleSpecificEncryptionRules + 5C 77FC8B2B 8 Bytes [ FC, 33, 75, F8, FF, 15, D0, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecGetLocaleSpecificEncryptionRules + 66 77FC8B35 74 Bytes [ 33, F0, FF, 15, D4, 10, FC, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecGetLocaleSpecificEncryptionRules + B1 77FC8B80 33 Bytes [ 5C, 00, 4D, 00, 69, 00, 63, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddSecurityPackageW + 1D 77FC8BA2 53 Bytes [ 67, 00, 72, 00, 61, 00, 70, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddSecurityPackageA + 14 77FC8BD8 7 Bytes [ 00, 00, 90, 90, 72, 00, 70 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddSecurityPackageA + 1C 77FC8BE0 1 Byte [ 63 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddSecurityPackageA + 1E 77FC8BE2 42 Bytes [ 72, 00, 74, 00, 34, 00, 2E, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddSecurityPackageA + 49 77FC8C0D 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddSecurityPackageA + 53 77FC8C17 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityPackageA + 8 77FC8C24 107 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityPackageA + 74 77FC8C90 106 Bytes [ FF, A8, 00, 75, 13, 8D, 85, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityPackageA + DF 77FC8CFB 36 Bytes [ 00, 57, 33, C0, 6A, 2C, 59, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityPackageA + 104 77FC8D20 56 Bytes [ 8B, 45, 10, 3B, C3, 66, C7, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DeleteSecurityPackageA + 13E 77FC8D5A 10 Bytes [ 8B, 48, 04, 89, 8D, 2C, FF, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecInitUserModeContext + 22 77FC9F7D 25 Bytes [ FF, 15, 40, 11, FC, 77, 85, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecInitUserModeContext + 3C 77FC9F97 85 Bytes [ 65, 8B, 35, 00, E1, FC, 77, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecDeleteUserModeContext + 45 77FC9FED 111 Bytes [ FF, 15, 54, 10, FC, 77, 8B, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecDeleteUserModeContext + B5 77FCA05D 83 Bytes [ 15, 54, 10, FC, 77, B8, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecDeleteUserModeContext + 109 77FCA0B1 39 Bytes [ 22, 00, 57, FF, 15, 54, 10, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecDeleteUserModeContext + 132 77FCA0DA 174 Bytes [ 74, 7D, 8B, 43, 4C, 8B, 4B, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecDeleteUserModeContext + 1E1 77FCA189 71 Bytes [ 85, C0, 74, 18, 8B, 45, 08, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaUnregisterPolicyChangeNotification + 6 77FCA1D1 1 Byte [ 10 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaUnregisterPolicyChangeNotification + 8 77FCA1D3 2 Bytes [ 94, 95 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaUnregisterPolicyChangeNotification + C 77FCA1D7 17 Bytes [ 8B, F8, 8D, 45, F8, 50, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaUnregisterPolicyChangeNotification + 1E 77FCA1E9 98 Bytes [ 74, 2D, F6, 47, 14, 04, 74, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!LsaGetLogonSessionData + 3A 77FCA24C 81 Bytes [ 6A, 00, 56, 8D, 45, F8, 50, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddCredentialsW + 14 77FCA29E 72 Bytes [ D6, 84, C0, 74, 21, 8B, 45, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddCredentialsA + 9 77FCA2E8 3 Bytes [ 00, 00, 75 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AddCredentialsA + D 77FCA2EC 130 Bytes [ B8, 3C, E3, FC, 77, 8D, 4D, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ApplyControlToken + 3D 77FCA371 96 Bytes CALL 77FC392B C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CompleteAuthToken + A 77FCA3D2 42 Bytes [ 08, 8B, 08, 8B, 40, 04, 89, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!CompleteAuthToken + 35 77FCA3FD 18 Bytes [ 8D, 45, F0, 50, 6A, 00, E8, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QuerySecurityContextToken + 1 77FCA410 44 Bytes [ F0, 75, 0D, 56, FF, 35, 74, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QuerySecurityContextToken + 2E 77FCA43D 85 Bytes [ 5E, C9, C2, 20, 00, 90, 90, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryContextAttributesA + 2C 77FCA493 30 Bytes [ FC, 77, BF, 00, 03, 09, 80, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SetContextAttributesW + 1 77FCA4B2 195 Bytes [ 40, 04, 89, 45, EC, 8D, 45, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryCredentialsAttributesA + 1 77FCA576 55 Bytes [ F8, 85, FF, 7C, 4E, 8B, 45, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryCredentialsAttributesA + 39 77FCA5AE 13 Bytes [ 85, C0, 74, 04, 89, 06, EB, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!QueryCredentialsAttributesA + 49 77FCA5BE 103 Bytes CALL 77FC3169 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DecryptMessage + 8 77FCA626 39 Bytes [ FF, 35, 74, E0, FC, 77, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DecryptMessage + 30 77FCA64E 12 Bytes [ FF, 5E, C9, C2, 08, 00, 90, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!DecryptMessage + 3D 77FCA65B 74 Bytes [ 55, 8B, EC, 56, 8B, 75, 0C, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ExportSecurityContext + 3A 77FCA6A7 1 Byte [ 08 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ExportSecurityContext + 3C 77FCA6A9 1 Byte [ 45 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ExportSecurityContext + 3E 77FCA6AB 32 Bytes [ 50, FF, 15, 9C, 10, FC, 77, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextW + 2 77FCA6CC 26 Bytes [ F6, 05, 27, E0, FC, 77, 20, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextW + 1E 77FCA6E8 6 Bytes [ 15, 28, 10, FC, 77, 50 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextW + 25 77FCA6EF 42 Bytes [ 15, BC, 10, FC, 77, 68, 04, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextW + 50 77FCA71A 30 Bytes [ 85, C0, 75, 07, BE, 01, 03, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextW + 6F 77FCA739 43 Bytes [ FF, D0, 8B, F0, EB, 05, BE, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextA + 20 77FCA765 28 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextA + 3D 77FCA782 24 Bytes [ 3B, C7, 75, 07, BE, 01, 03, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextA + 56 77FCA79B 6 Bytes [ 15, BC, 10, FC, 77, B8 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextA + 5D 77FCA7A2 11 Bytes [ 03, 09, 80, EB, 63, 8B, 40, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!ImportSecurityContextA + 6A 77FCA7AF 42 Bytes [ 40, 18, 3B, C7, 74, 0D, 8D, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!AcquireCredentialsHandleA + 1B 77FCA7DB 46 Bytes [ FC, 6A, FF, FF, 15, 24, 10, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextA + 1A 77FCA80A 21 Bytes [ 5F, 5E, C9, C2, 08, 00, 90, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextA + 30 77FCA820 22 Bytes [ 39, 3D, 38, E3, FC, 77, 89, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextA + 48 77FCA838 78 Bytes [ 00, FF, 15, BC, 10, FC, 77, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextA + 97 77FCA887 136 Bytes [ 45, DC, 8B, 46, 04, 89, 45, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!InitializeSecurityContextA + 121 77FCA911 23 Bytes [ F0, 8B, 40, 64, 3B, C7, 74, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslEnumerateProfilesA 77FCADCC 3 Bytes [ 90, 90, 90 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslEnumerateProfilesA + 4 77FCADD0 40 Bytes [ FF, 55, 8B, EC, 83, 3D, 38, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslGetProfilePackageA + D 77FCADF9 32 Bytes [ FF, 85, C0, 75, 07, BE, 01, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslGetProfilePackageW + 2 77FCAE1A 25 Bytes [ EB, 42, 8B, 40, 64, 85, C0, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslGetProfilePackageW + 1C 77FCAE34 46 Bytes [ 76, 04, FF, D0, 8B, F0, EB, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslGetProfilePackageW + 4B 77FCAE63 79 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslGetProfilePackageW + 9B 77FCAEB3 16 Bytes [ EB, 42, 8B, 40, 64, 85, C0, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslGetProfilePackageW + AC 77FCAEC4 5 Bytes [ 75, 14, FF, 75, 10 ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslIdentifyPackageA + 9 77FCB11C 68 Bytes [ 77, 50, FF, 15, BC, 10, FC, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslIdentifyPackageW + 20 77FCB161 26 Bytes CALL 77FCA1B1 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslIdentifyPackageW + 3B 77FCB17C 50 Bytes [ 34, 85, C0, 74, 1C, 8B, 75, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslIdentifyPackageW + 6F 77FCB1B0 1 Byte [ BC ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslIdentifyPackageW + 73 77FCB1B4 24 Bytes [ 68, 04, 03, 09, 80, 57, E8, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslIdentifyPackageW + 8C 77FCB1CD 110 Bytes [ 55, 8B, EC, 6A, 00, E8, F9, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextW + 2B 77FCB2E5 3 Bytes [ 7D, 10, 00 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextW + 2F 77FCB2E9 17 Bytes [ 07, B8, 05, 03, 09, 80, EB, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextW + 41 77FCB2FB 15 Bytes [ F0, 85, F6, 75, 0A, B8, 05, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextW + 51 77FCB30B 22 Bytes [ 46, 58, 83, 78, 58, 00, 75, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextW + 68 77FCB322 30 Bytes [ 15, 00, 11, FC, 77, 8B, 46, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextA + 6 77FCB3C9 19 Bytes [ FF, 55, 8B, EC, 51, 51, 56, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextA + 1A 77FCB3DD 84 Bytes [ FF, 8B, F0, 85, F6, 74, 1C, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextA + 6F 77FCB432 4 Bytes [ 74, 1D, 6A, 00 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextA + 74 77FCB437 5 Bytes [ 35, 70, E0, FC, 77 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslInitializeSecurityContextA + 7A 77FCB43D 59 Bytes [ 15, 00, 11, FC, 77, FF, 75, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslAcceptSecurityContext + 42 77FCB50E 25 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslAcceptSecurityContext + 5C 77FCB528 7 Bytes [ FF, 8B, F0, 85, F6, 74, 37 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslAcceptSecurityContext + 64 77FCB530 28 Bytes [ 46, 58, 83, 38, 02, 72, 28, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslAcceptSecurityContext + 81 77FCB54D 13 Bytes [ 8B, 46, 58, FF, 75, 10, 8D, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SaslAcceptSecurityContext + 8F 77FCB55B 64 Bytes [ 50, 6C, EB, 0C, B8, 02, 03, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpFreeMemory + 31 77FCB78C 71 Bytes [ 77, 8B, 46, 58, 8D, 4D, F8, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpFreeMemory + 79 77FCB7D4 206 Bytes [ 75, 18, FF, 75, 14, FF, 75, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpFreeMemory + 148 77FCB8A3 80 Bytes [ 15, 38, 11, FC, 77, 8B, 40, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpFreeMemory + 199 77FCB8F4 27 Bytes [ C0, C2, 08, 00, 90, 90, 90, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpFreeMemory + 1B5 77FCB910 47 Bytes [ 45, 08, 56, 8B, 70, 04, 33, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateNameEx + 17 77FCBAF9 5 Bytes [ 8B, 85, 68, FF, FF ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateNameEx + 1D 77FCBAFF 8 Bytes [ 39, 06, 73, 16, C7, 85, 78, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateNameEx + 27 77FCBB09 19 Bytes [ 00, 03, 09, 80, EB, 0A, C7, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateNameEx + 3B 77FCBB1D 18 Bytes [ FF, FF, 00, 0F, 8C, 87, 00, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateNameEx + 4E 77FCBB30 21 Bytes [ FF, FF, 8B, BD, 74, FF, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateName + D 77FCBB46 46 Bytes [ FF, 83, E1, 03, F3, A4, 03, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateName + 3C 77FCBB75 11 Bytes [ 8D, 5C, FF, FF, FF, 8B, B5, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateName + 48 77FCBB81 90 Bytes [ 3C, 02, 8B, C1, C1, E9, 02, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateName + A3 77FCBBDC 21 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!SecpTranslateName + B9 77FCBBF2 16 Bytes [ C6, 45, FC, 01, 74, 04, C6, ... ] .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameW + 26 77FCBECE 11 Bytes [ 15, 40, 11, FC, 77, 8B, D8, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameW + 32 77FCBEDA 5 Bytes [ 75, FC, E8, 8A, 72 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameW + 39 77FCBEE1 82 Bytes [ BE, 00, 03, 09, 80, EB, 76, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameW + 8C 77FCBF34 2 Bytes [ 1B, 57 ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameW + 8F 77FCBF37 105 Bytes CALL 77FC4892 C:\WINDOWS\system32\Secur32.dll (Security Support Provider Interface/Microsoft Corporation) .text ... .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameA + 17 77FCC091 15 Bytes [ 75, 08, 80, 3E, 06, 75, 6B, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameA + 29 77FCC0A3 54 Bytes [ 49, 04, 40, 40, 33, D2, 85, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameA + 60 77FCC0DA 51 Bytes [ 3B, 55, F8, 89, 7D, FC, 72, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!GetComputerObjectNameA + 94 77FCC10E 79 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + 32 77FCC15E 29 Bytes [ 8B, 49, 08, 8B, 55, 0C, 89, ... 
] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + 50 77FCC17C 46 Bytes [ 11, FC, 77, 8B, F0, 85, F6, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + 7F 77FCC1AB 130 Bytes [ 89, 46, 24, FF, 15, 70, 10, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + 102 77FCC22E 35 Bytes [ 4E, 04, 89, 01, 89, 48, 04, ... ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[272] Secur32.dll!TranslateNameA + 126 77FCC252 4 Bytes [ EC, 56, 8B, 75 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\nvsvc32.exe[468] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\nvsvc32.exe[468] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WdtpInterfacePointer_UserFree + FFEDDA86 76991931 51 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WdtpInterfacePointer_UserFree + FFEDDAC1 7699196C 1 Byte [ 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WdtpInterfacePointer_UserFree + FFEDDAC8 76991973 3 Bytes [ 00, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WdtpInterfacePointer_UserFree + FFEDDAD1 7699197C 1 Byte [ 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WdtpInterfacePointer_UserFree + FFEDDAD8 76991983 3 Bytes [ 00, 00, 00 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTaskMemAlloc + 17 769A207F 7 Bytes [ 48, 41, 43, 43, 45, 4C, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTaskMemAlloc + 1F 769A2087 160 Bytes [ 73, 65, 72, 55, 6E, 6D, 61, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTaskMemAlloc + C0 769A2128 279 Bytes [ 48, 44, 43, 5F, 55, 73, 65, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTaskMemAlloc + 1D8 769A2240 146 Bytes [ 48, 49, 43, 4F, 4E, 5F, 55, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTaskMemAlloc + 26B 769A22D3 288 Bytes [ 49, 43, 54, 5F, 55, 73, 65, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllCanUnloadNow + 5B 769A23F4 267 Bytes [ 49, 49, 44, 46, 72, 6F, 6D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllCanUnloadNow + 167 769A2500 254 Bytes [ 4F, 6C, 65, 43, 6F, 6E, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllCanUnloadNow + 266 769A25FF 114 Bytes [ 4F, 6C, 65, 43, 72, 65, 61, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllCanUnloadNow + 2D9 769A2672 16 Bytes [ 4F, 6C, 65, 44, 6F, 41, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllCanUnloadNow + 2EA 769A2683 24 Bytes [ 4F, 6C, 65, 44, 72, 61, 77, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetRunningObjectTable + 8F 769A2C08 134 Bytes [ 53, 74, 67, 53, 65, 74, 54, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetRunningObjectTable + 116 769A2C8F 266 Bytes [ 36, 49, 6E, 66, 6F, 00, 55, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromGUID2 + A0 769A2D9A 3 Bytes [ 00, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromGUID2 + A6 769A2DA0 6 Bytes [ 00, 00, 00, 00, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromGUID2 + AE 769A2DA8 5 Bytes [ BA, 38, 9A, 76, 01 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromGUID2 + B4 769A2DAE 5 Bytes [ 00, 00, 02, 00, 05 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromGUID2 + BB 769A2DB5 10 Bytes [ 00, 00, 00, 5B, 01, 00, 06, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetMalloc + 8 769A305B 28 Bytes [ 50, FF, 51, 14, 5D, C2, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetMalloc + 25 769A3078 59 Bytes [ FF, 51, 0C, 5D, C2, 04, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetMalloc + 61 769A30B4 7 Bytes [ 33, C0, 40, 5E, 5D, C2, 0C ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetMalloc + 69 769A30BC 79 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetMalloc + B9 769A310C 30 Bytes [ 89, 45, 0C, 0F, 84, BB, 2D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsValidInterface + 36 769A3BE3 57 Bytes [ 3B, C7, 89, 45, FC, 0F, 84, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsValidInterface + 70 769A3C1D 56 Bytes [ 56, 8B, 75, 08, 33, C9, 80, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsValidInterface + A9 769A3C56 88 Bytes [ 83, E2, 0F, 66, 8B, 14, 55, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsValidInterface + 102 769A3CAF 18 Bytes [ 00, 66, C7, 00, 2D, 00, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsValidInterface + 115 769A3CC2 24 Bytes [ 7D, 10, 27, 0F, 8C, 16, 64, ... 
] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUninitialize + 25 769A41E5 5 Bytes [ 8B, 0D, 9C, 57, AB ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUninitialize + 2B 769A41EB 118 Bytes [ 8B, 45, 08, 89, 48, 10, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SetErrorInfo + 3E 769A4262 25 Bytes CALL 769A33A3 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SetErrorInfo + 58 769A427C 59 Bytes CALL 769A4203 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateGuid + F 769A42B8 37 Bytes [ 08, 33, 9A, 76, 0E, 5A, 9A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateGuid + 35 769A42DE 9 Bytes [ 00, 00, 02, 00, 05, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateGuid + 3F 769A42E8 33 Bytes [ 5B, 01, 00, 06, F8, 33, 9A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeEx + 17 769A430A 73 Bytes [ 00, 00, 60, 9E, E7, B9, 52, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeEx + 61 769A4354 33 Bytes [ 30, 41, 00, 00, 12, 08, 25, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeEx + 83 769A4376 57 Bytes [ 12, 00, 1F, 00, 00, 04, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeEx + BD 769A43B0 17 Bytes [ 10, 5C, 11, 00, F2, FF, 11, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeEx + CF 769A43C2 7 Bytes [ 11, 14, 02, 00, 12, 00, 22 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateBindCtx + 23 769A473E 1 Byte [ 12 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateBindCtx + 25 769A4740 23 Bytes [ D6, FF, 00, 00, 0D, 3C, A4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateBindCtx + 3D 769A4758 87 Bytes [ 02, 5B, 15, 00, 06, 00, 4C, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateBindCtx + 95 769A47B0 51 Bytes [ 08, 00, 12, 00, E0, FF, 5B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateBindCtx + C9 769A47E4 2 Bytes [ 00, 00 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RegisterDragDrop + 7 769A4F98 11 Bytes [ 45, F8, 8B, 45, F8, 3B, 05, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RegisterDragDrop + 13 769A4FA4 4 Bytes [ 87, 7C, 76, 02 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RegisterDragDrop + 18 769A4FA9 115 Bytes [ 8B, 77, 0C, 81, 7D, FC, 1F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RegisterDragDrop + 8C 769A501D 311 Bytes [ 5B, C3, 90, 90, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RevokeDragDrop + 104 769A5155 8 Bytes [ BB, 00, 01, 00, 00, 85, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RevokeDragDrop + 10D 769A515E 2 Bytes [ D2, BF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RevokeDragDrop + 110 769A5161 95 Bytes [ 00, 8B, 45, 14, 5F, 5B, 5D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RevokeDragDrop + 170 769A51C1 116 Bytes [ FF, 55, 8B, EC, 51, 56, 57, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!RevokeDragDrop + 1E6 769A5237 41 Bytes [ 88, 80, 0F, 00, 00, 89, 4D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DllGetClassObject 769A67F3 32 Bytes [ 90, 90, 83, C1, 04, 51, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DllGetClassObject + 21 769A6814 29 Bytes [ A9, CB, FF, FF, A1, D8, 5F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DllGetClassObject + 3F 769A6832 49 Bytes [ FF, FF, FF, 33, FF, 8B, CE, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DllGetClassObject + 71 769A6864 10 Bytes [ 00, 83, 7D, 08, 01, 0F, 84, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DllGetClassObject + 7C 769A686F 11 Bytes JMP 769A8D69 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoMarshalInterface + 3F 769A74C4 2 Bytes [ 0C, 89 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoMarshalInterface + 42 769A74C7 4 Bytes [ FC, 50, E8, 63 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoMarshalInterface + 48 769A74CD 160 Bytes [ 00, 8B, 45, FC, 83, C6, 30, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoMarshalInterface + E9 769A756E 75 Bytes [ 00, 00, 02, 57, 0F, 85, E0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoMarshalInterface + 135 769A75BA 125 Bytes [ 52, 04, 89, 50, 0C, 8B, 49, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoReleaseMarshalData 769A8B98 3 Bytes [ 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoReleaseMarshalData + 4 769A8B9C 28 Bytes [ FF, 55, 8B, EC, 51, 56, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoReleaseMarshalData + 21 769A8BB9 45 Bytes [ 8B, 46, 14, 85, C0, 0F, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoReleaseMarshalData + 4F 769A8BE7 24 Bytes [ 77, 0C, 85, F6, 74, 16, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoReleaseMarshalData + 68 769A8C00 29 Bytes [ 36, EB, E6, 39, 77, 0C, 74, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStreamOnHGlobal + 46 769A9790 79 Bytes CALL 769EA728 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStreamOnHGlobal + 96 769A97E0 4 Bytes [ 00, 83, 7D, DC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStreamOnHGlobal + 9B 769A97E5 1 Byte [ 0F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStreamOnHGlobal + 9D 769A97E7 100 Bytes [ 27, B8, 06, 00, 85, DB, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStreamOnHGlobal + 102 769A984C 112 Bytes [ BE, 08, 60, AB, 76, 56, 8D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorage + D 769AAE66 8 Bytes [ D7, 85, C0, 56, 0F, 8F, EA, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorage + 16 769AAE6F 19 Bytes [ FF, FF, D7, EB, A2, B8, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorage + 2A 769AAE83 4 Bytes [ 90, 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorage + 2F 769AAE88 64 Bytes [ FF, 55, 8B, EC, 83, EC, 40, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorage + 70 769AAEC9 63 Bytes [ 53, FF, 15, CC, 12, 99, 76, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateDocfile + 34 769B3A76 83 Bytes [ 4D, FC, 0F, 85, B9, D5, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateDocfile + 88 769B3ACA 87 Bytes CALL 769DCF12 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateDocfile + E1 769B3B23 136 Bytes [ 01, 00, 00, 00, 8B, C7, 5F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateDocfile + 16A 769B3BAC 124 Bytes [ 00, 00, 8B, 87, 98, 00, 00, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateDocfile + 1E7 769B3C29 15 Bytes [ B6, 9C, 00, 00, 00, 8B, 46, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteClassStg + 1A 769B3CFC 33 Bytes [ 00, 8B, CE, 0F, 85, 7F, 6D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadClassStg + 13 769B3D1F 21 Bytes CALL 769DD767 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadClassStg + 29 769B3D35 4 Bytes [ 85, E4, 74, 02 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadClassStg + 2E 769B3D3A 12 Bytes [ 39, 5E, 2C, 0F, 84, 92, CE, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadClassStg + 3B 769B3D47 113 Bytes [ 00, 00, 8B, 80, 80, 0F, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadClassStg + AD 769B3DB9 18 Bytes [ 8B, FF, 55, 8B, EC, 53, 8B, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateStorageEx + 5 769B4E9C 35 Bytes [ 8D, 45, 0C, 50, FF, 15, DC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateStorageEx + 29 769B4EC0 1 Byte [ 55 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateStorageEx + 2B 769B4EC2 64 Bytes [ EC, 8B, 4D, 14, 8B, 45, 18, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateStorageEx + 6C 769B4F03 3 Bytes [ 84, 1F, 5C ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreateStorageEx + 71 769B4F08 3 Bytes [ 83, F8, 20 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateErrorInfo + 21 769B53BA 48 Bytes [ 78, 40, 8B, F8, 85, FF, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateErrorInfo + 52 769B53EB 102 Bytes CALL 769DBB58 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateErrorInfo + B9 769B5452 62 Bytes [ FF, 86, 70, 02, 00, 00, 8B, ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLIPFORMAT_UserMarshal + B 769EDA7E 2 Bytes [ 08, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLIPFORMAT_UserMarshal + E 769EDA81 73 Bytes [ 21, 08, 00, 08, 00, 70, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLIPFORMAT_UserMarshal + 58 769EDACB 71 Bytes [ 00, 16, 11, 70, 00, 08, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserMarshal + 2F 769EDB13 14 Bytes [ 00, 08, 00, 70, 00, 08, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserMarshal + 3E 769EDB22 26 Bytes [ 04, 00, 0C, 00, 00, 00, 24, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserMarshal + 59 769EDB3D 26 Bytes [ 00, 08, 00, 33, 6C, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserMarshal + 74 769EDB58 20 Bytes [ 0B, 00, 04, 00, 24, 11, 0A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserSize + 10 769EDB6D 19 Bytes [ 00, 00, 00, 06, 00, 0C, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserSize + 25 769EDB82 11 Bytes [ 13, 00, 04, 00, 3A, 11, 70, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserSize + 31 769EDB8E 7 Bytes [ 33, 6C, 00, 00, 00, 00, 07 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserSize + 39 769EDB96 38 Bytes [ 0C, 00, 00, 00, 08, 00, 46, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserSize + 60 769EDBBD 8 Bytes [ 00, 08, 00, 45, 02, 08, 01, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserFree + 17 769EDBE2 17 Bytes [ 08, 00, 46, 03, 08, 01, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserFree + 29 769EDBF4 7 Bytes [ 0B, 00, 08, 00, 5C, 11, 70 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserFree + 31 769EDBFC 17 Bytes [ 0C, 00, 08, 00, 33, 6C, 00, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserFree + 43 769EDC0E 49 Bytes [ 44, 01, 08, 01, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserFree + 75 769EDC40 29 Bytes [ 08, 00, 33, 6C, 00, 00, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserUnmarshal + 17 769EDC82 4 Bytes [ 08, 00, 33, 6C ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserUnmarshal + 1C 769EDC87 24 Bytes [ 00, 00, 00, 06, 00, 1C, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserUnmarshal + 35 769EDCA0 62 Bytes [ 98, 11, 48, 00, 08, 00, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserUnmarshal + 74 769EDCDF 22 Bytes [ 00, 08, 00, C0, 11, 0A, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!STGMEDIUM_UserUnmarshal + 8B 769EDCF6 10 Bytes [ 33, 6C, 00, 00, 00, 00, 08, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLIPFORMAT_UserUnmarshal + 1A 769EDDB6 1 Byte [ 05 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLIPFORMAT_UserUnmarshal + 1C 769EDDB8 3 Bytes [ 08, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLIPFORMAT_UserUnmarshal + 20 769EDDBC 39 Bytes [ 08, 00, 44, 01, 08, 01, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLIPFORMAT_UserUnmarshal + 48 769EDDE4 23 Bytes [ 00, 00, 48, 00, 04, 00, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLIPFORMAT_UserUnmarshal + 60 769EDDFC 11 Bytes [ 08, 00, 08, 00, 44, 02, 08, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserMarshal + 11 769EE10A 21 Bytes [ 08, 00, 44, 01, 08, 01, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserMarshal + 27 769EE120 129 Bytes [ 00, 00, 0E, 00, 0C, 00, 34, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserSize + 10 769EE1A2 2 Bytes [ 20, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserSize + 13 769EE1A5 5 Bytes [ 13, 0B, 00, 24, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserSize + 19 769EE1AB 9 Bytes [ 13, 70, 00, 28, 00, 08, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserSize + 24 769EE1B6 2 Bytes [ 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserSize + 27 769EE1B9 80 Bytes [ 00, 20, 00, 20, 00, 08, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSaveToStream + 34 769EE342 21 Bytes [ 08, 00, 70, 00, 14, 00, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSaveToStream + 4A 769EE358 63 Bytes [ 44, 01, 08, 01, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteClassStm + 17 769EE398 3 Bytes [ 70, 00, 18 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteClassStm + 1B 769EE39C 12 Bytes [ 08, 00, 33, 6C, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteClassStm + 29 769EE3AA 34 Bytes [ 24, 00, 45, 04, 08, 03, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteClassStm + 4C 769EE3CD 16 Bytes [ 00, 33, 6C, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteClassStm + 5D 769EE3DE 27 Bytes [ 08, 01, 00, 00, 00, 00, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassObject + 17 769EF36D 5 Bytes [ B6, 41, FB, FF, C9 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassObject + 1D 769EF373 1 Byte [ 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassObject + 1F 769EF375 12 Bytes [ B8, 57, 00, 07, 80, EB, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassObject + 2C 769EF382 285 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassObject + 14F 769EF4A5 35 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterChannelHook + 34 769F065E 97 Bytes [ 55, 8B, EC, 83, EC, 1C, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterChannelHook + 96 769F06C0 186 Bytes [ 00, 0F, 84, EB, 61, 02, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterChannelHook + 151 769F077B 59 Bytes [ 02, 00, 00, 39, 38, 0F, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterChannelHook + 18D 769F07B7 3 Bytes [ A0, 0C, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterChannelHook + 191 769F07BB 105 Bytes [ 8B, D8, 3B, DF, 89, 5D, C4, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeSecurity + 5 769F08FD 98 Bytes [ 51, A1, 00, 7C, AB, 76, 57, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeSecurity + 68 769F0960 37 Bytes [ 7C, 04, 83, 4E, 08, 02, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeSecurity + 8E 769F0986 6 Bytes [ E4, 0F, 84, F6, 3A, 02 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeSecurity + 9D 769F0995 5 Bytes [ 85, 48, 0C, 74, 09 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeSecurity + A3 769F099B 63 Bytes JMP 769A7AB7 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterClassObject + 2B 769F1C27 27 Bytes [ 45, 24, 04, 50, 0F, 85, D1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterClassObject + 47 769F1C43 73 Bytes [ 35, 00, 50, AB, 76, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterClassObject + 91 769F1C8D 68 Bytes [ FF, AB, AB, AB, 89, 9D, E4, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterClassObject + D6 769F1CD2 8 Bytes [ FB, FF, FF, 0F, 85, F5, 4C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterClassObject + DF 769F1CDB 1 Byte [ 33 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgID + 1A 769F29F7 5 Bytes [ 00, 8D, BD, 96, FD ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgID + 20 769F29FD 31 Bytes [ FF, 66, 89, B5, 94, FD, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgID + 40 769F2A1D 72 Bytes [ 74, 0A, 8B, 03, 3B, C6, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgID + 89 769F2A66 80 Bytes [ 74, 03, 4F, 75, E3, 85, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromOle1Class + 13 769F2AB7 53 Bytes [ FF, 50, 68, 00, 00, 00, 80, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromOle1Class + 49 769F2AED 13 Bytes [ 83, 3E, 01, 0F, 84, 93, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromOle1Class + 57 769F2AFB 87 Bytes [ FF, 0F, 85, DE, 14, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromOle1Class + AF 769F2B53 40 Bytes [ B9, D8, 56, AB, 76, E8, 5A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromOle1Class + D9 769F2B7D 282 Bytes [ 39, BD, 84, FB, FF, FF, 0F, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSetMenuDescriptor + 2 769F3FB5 47 Bytes [ FF, F3, A5, 8D, 85, 88, FB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSetMenuDescriptor + 32 769F3FE5 71 Bytes [ FF, 50, FF, B5, 7C, FB, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgIDEx + 21 769F40B4 5 Bytes [ FF, 55, 8B, EC, 53 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgIDEx + 27 769F40BA 35 Bytes [ 57, FF, 75, 08, 8B, D9, 83, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgIDEx + 4B 769F40DE 62 Bytes [ 15, 04, 14, 99, 76, 40, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgIDEx + 8A 769F411D 12 Bytes [ F9, EB, 20, 8B, 4D, F4, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromProgIDEx + 97 769F412A 24 Bytes [ 00, 00, EB, 56, C7, 46, 10, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetProxyBlanket + 1 769F4DA8 16 Bytes CALL 769A33A3 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetProxyBlanket + 12 769F4DB9 4 Bytes [ FF, 55, 8B, EC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetProxyBlanket + 17 769F4DBE 59 Bytes [ 83, 65, FC, 00, 56, 8B, F1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetProxyBlanket + 53 769F4DFA 26 Bytes CALL 769A5E20 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetProxyBlanket + 6E 769F4E15 60 Bytes [ 00, C7, 45, FC, 01, 00, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetPSClsid + 12 769F502E 3 Bytes [ 90, 90, 70 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetPSClsid + 16 769F5032 85 Bytes [ 46, 00, 72, 00, 61, 00, 6D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetPSClsid + 96 769F50B2 33 Bytes [ FF, 8B, D8, 85, DB, 0F, 8C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetPSClsid + B8 769F50D4 50 Bytes [ FF, 55, 8B, EC, 57, 8B, 7D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetPSClsid + EB 769F5107 172 Bytes [ 01, 00, 0F, B7, C6, 5E, 5F, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoIsOle1Class 769F54D2 23 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoIsOle1Class + 18 769F54EA 170 Bytes [ E3, FA, FF, 85, C0, 59, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoIsOle1Class + C3 769F5595 93 Bytes [ 89, 01, 8B, 08, 50, FF, 51, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoIsOle1Class + 121 769F55F3 46 Bytes [ 46, 5C, 50, FF, 15, 30, 12, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoIsOle1Class + 150 769F5622 300 Bytes [ 55, 8B, EC, 83, EC, 60, A1, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCopyProxy + 2 769F6CB0 5 Bytes [ 75, BC, 8B, C8, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCopyProxy + 8 769F6CB6 8 Bytes [ B8, FF, 75, 9C, E8, A8, AF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCopyProxy + 11 769F6CBF 17 Bytes [ 8B, D8, 33, F6, 3B, DE, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCopyProxy + 23 769F6CD1 80 Bytes [ BA, 01, 00, 8D, 45, 18, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCopyProxy + 74 769F6D22 123 Bytes [ 75, 98, FF, 33, FF, 15, E0, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetErrorInfo + 29 769FBDFD 23 Bytes [ 00, A0, BC, 99, 76, 89, 48, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetErrorInfo + 41 769FBE15 102 Bytes JMP 769EEA29 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!FreePropVariantArray + 23 769FBE7C 3 Bytes [ D7, 8B, F0 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!FreePropVariantArray + 27 769FBE80 68 Bytes [ F6, 74, 40, 6A, 0B, 59, 33, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!FreePropVariantArray + 6C 769FBEC5 108 Bytes [ F8, FF, 15, 34, 12, 99, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!FreePropVariantArray + D9 769FBF32 27 Bytes [ 69, 00, 6E, 00, 73, 00, 74, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!FreePropVariantArray + F6 769FBF4F 48 Bytes [ 75, C8, 8D, 45, B4, 50, 8D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptorFromTypeInfo + 48 769FCC7B 32 Bytes [ 42, 67, FA, FF, FF, 76, 3C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptorFromTypeInfo + 69 769FCC9C 20 Bytes [ 53, 56, BB, 80, 56, AB, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptorFromTypeInfo + 7E 769FCCB1 71 Bytes [ 35, 60, 62, AB, 76, 3B, F7, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptorFromTypeInfo + C6 769FCCF9 26 Bytes JMP 769A33A2 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptorFromTypeInfo + E1 769FCD14 49 Bytes CALL 76A04775 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevertToSelf + 7E 769FFF7C 69 Bytes [ FF, 89, 46, 28, 8D, 46, 38, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevertToSelf + C4 769FFFC2 55 Bytes [ 55, 08, 8B, 12, 85, D2, 7D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevertToSelf + 111 76A0000F 51 Bytes [ 80, D8, 01, 00, 00, 83, E0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevertToSelf + 145 76A00043 69 Bytes [ 8B, 45, 08, A3, F8, 7E, AB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevertToSelf + 18B 76A00089 142 Bytes [ 75, 10, 33, FF, 89, 7D, FC, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryProxyBlanket + 16 76A00290 43 Bytes [ 74, 13, 57, FF, 70, 0C, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryProxyBlanket + 42 76A002BC 11 Bytes [ 74, FA, FF, 85, C0, 89, 45, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryProxyBlanket + 4E 76A002C8 47 Bytes [ FC, 50, 57, FF, 75, 08, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryProxyBlanket + 7E 76A002F8 72 Bytes [ 8B, 4D, F8, 85, C9, 5F, 5E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryProxyBlanket + C7 76A00341 21 Bytes [ 75, FC, FF, 75, F4, FF, 75, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoImpersonateClient + 1B 76A00F1E 13 Bytes [ 51, 14, 8B, F0, 8B, 45, FC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoImpersonateClient + 29 76A00F2C 7 Bytes [ C6, 5E, C9, C3, 8B, 45, FC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoImpersonateClient + 31 76A00F34 67 Bytes [ 08, 56, 50, FF, 51, 10, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateFreeThreadedMarshaler + 11 76A00F78 134 Bytes [ 72, 25, FA, FF, 85, C0, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateFreeThreadedMarshaler + 98 76A00FFF 37 Bytes [ 5E, 18, 8B, 46, 40, 3B, C3, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateFreeThreadedMarshaler + BE 76A01025 3 Bytes CALL 76A0105D C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateFreeThreadedMarshaler + C2 76A01029 56 Bytes [ 00, 00, FF, 4F, 08, B9, F0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetCallContext + 34 76A01062 31 Bytes [ EC, B9, F0, 5E, AB, 76, 5D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetCallContext + 54 76A01082 42 Bytes CALL 769A33A2 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropVariantClear 76A010AF 163 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IIDFromString + 6 76A01153 8 Bytes [ 53, 68, 68, 01, A0, 76, 68, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IIDFromString + F 76A0115C 1 Byte [ 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IIDFromString + 11 76A0115E 13 Bytes [ FF, D7, 89, 45, F8, E9, 2B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IIDFromString + 1F 76A0116C 19 Bytes [ 66, 00, 74, 00, 77, 00, 61, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IIDFromString + 33 76A01180 104 Bytes [ 73, 00, 73, 00, 65, 00, 73, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromIID + 4 76A011E9 221 Bytes [ 3D, 04, 17, 99, 76, 83, 65, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromIID + E2 76A012C7 14 Bytes [ 45, 08, 8B, 08, 50, FF, 51, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromIID + F1 76A012D6 30 Bytes JMP 76A00E43 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromIID + 110 76A012F5 49 Bytes [ 00, 00, FF, 35, 00, 50, AB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StringFromIID + 142 76A01327 21 Bytes CALL 028058B7 .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetComCatalog + 18 76A01FEB 185 Bytes CALL 769A3508 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetComCatalog + D2 76A020A5 46 Bytes [ D0, 8B, D8, EB, C5, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetComCatalog + 101 76A020D4 113 Bytes [ 0F, B7, 07, 83, F8, 48, 56, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetComCatalog + 173 76A02146 81 Bytes [ EB, DC, 90, 90, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetComCatalog + 1C6 76A02199 28 Bytes [ 8B, F8, 8B, C7, 5F, 5E, 5D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterMessageFilter + 2 76A02DA2 25 Bytes [ 35, 14, 82, AB, 76, 56, FF, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterMessageFilter + 1C 76A02DBC 137 Bytes [ 15, 68, 12, 99, 76, A3, B8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterMessageFilter + A8 76A02E48 106 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterMessageFilter + 113 76A02EB3 42 Bytes [ FF, 90, 90, 90, 90, 90, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterMessageFilter + 13E 76A02EDE 26 Bytes [ 6F, 00, 66, 00, 74, 00, 5C, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromString + 50 76A048F4 1 Byte [ 99 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromString + 52 76A048F6 10 Bytes [ 0F, 85, 3A, D7, 00, 00, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromString + 5E 76A04902 149 Bytes [ 00, BB, 08, 56, 99, 76, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromString + F4 76A04998 42 Bytes [ 00, 00, 83, 60, 38, 00, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CLSIDFromString + 11F 76A049C3 45 Bytes CALL 769A33C0 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserUnmarshal + 41 76A22C20 50 Bytes [ 0D, 00, 0C, 00, 44, 00, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserMarshal + 2E 76A22C53 10 Bytes [ 00, 00, 00, 12, 01, 04, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserMarshal + 39 76A22C5E 1 Byte [ 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserMarshal + 3B 76A22C60 25 Bytes [ 08, 00, 33, 6C, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserMarshal + 55 76A22C7A 84 Bytes [ 0A, 01, 04, 00, C0, 02, 0A, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserMarshal + AA 76A22CCF 1 Byte [ 6C ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserSize + 96 76A22DB1 17 Bytes [ 00, 03, 00, 14, 00, 08, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserSize + A9 76A22DC4 8 Bytes [ 48, 00, 04, 00, 08, 00, 13, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserSize + B2 76A22DCD 14 Bytes [ 00, D2, 0D, 50, 21, 0C, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserSize + C1 76A22DDC 11 Bytes [ 33, 6C, 00, 00, 00, 00, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserSize + CD 76A22DE8 19 Bytes [ 08, 00, 44, 02, 08, 01, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteOleStg + 1 76A24BAF 7 Bytes [ F8, 85, FF, 0F, 8C, A1, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteOleStg + 9 76A24BB7 169 Bytes [ 00, 83, 7D, 08, 04, 74, 0A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteOleStg + B3 76A24C61 5 Bytes [ 90, 90, 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteOleStg + B9 76A24C67 31 Bytes [ FF, 55, 8B, EC, 56, 57, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!WriteOleStg + D9 76A24C87 139 Bytes [ FF, 55, 8B, EC, 51, 51, 53, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadStringStream + 13 76A256B2 9 Bytes [ 1C, 01, 06, 8B, 43, 0C, 6A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadStringStream + 1D 76A256BC 106 Bytes [ 10, 50, 57, 8D, 45, 1C, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadStringStream + 88 76A25727 50 Bytes [ 3B, C7, 7C, 05, 8B, 4D, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadStringStream + BB 76A2575A 77 Bytes [ 00, 83, 65, 08, 00, 53, 8B, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadStringStream + 109 76A257A8 27 Bytes [ 51, 20, 85, C0, 89, 45, 08, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgIsStorageFile + 6C 76A2592B 1 Byte [ 7D ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgIsStorageFile + 6E 76A2592D 47 Bytes [ 8B, 43, 18, 8B, 08, 8D, 14, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgIsStorageFile + 9E 76A2595D 49 Bytes [ FF, FF, 8B, 7D, FC, 85, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegGetUserType + 16 76A2598F 7 Bytes [ 08, 00, 74, 08, FF, 75, 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegGetUserType + 1E 76A25997 2 Bytes [ B1, D6 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegGetUserType + 22 76A2599B 7 Bytes CALL 70889288 .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegGetUserType + 2A 76A259A3 111 Bytes [ 8B, C6, 5E, 5B, C9, C2, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegGetUserType + 9B 76A25A14 27 Bytes CALL 769EEE18 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadOleStg + 34 76A26F2F 3 Bytes [ 00, EF, F9 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadOleStg + 38 76A26F33 63 Bytes [ 8B, D8, 85, DB, 75, 2A, F6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadOleStg + 78 76A26F73 45 Bytes [ 07, 80, 5F, 5E, 5D, C2, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadOleStg + A6 76A26FA1 77 Bytes [ 83, 65, 08, 00, 53, 57, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ReadOleStg + F4 76A26FEF 48 Bytes [ 14, 8D, 4D, FC, 51, 8D, 8E, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDoAutoConvert + 33 76A27185 135 Bytes [ 06, 8B, 08, 50, FF, 51, 08, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDoAutoConvert + BB 76A2720D 97 Bytes [ 04, 80, 4B, 7C, 80, 83, 7D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDoAutoConvert + 11D 76A2726F 14 Bytes [ 75, 0C, 8B, C8, FF, 73, 58, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDoAutoConvert + 12D 76A2727F 99 Bytes [ 3B, C6, 89, 83, 90, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDoAutoConvert + 191 76A272E3 8 Bytes [ FF, 55, 8B, EC, 81, EC, 0C, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoBuildVersion + 49 76A27635 18 Bytes [ FF, EB, 1E, BF, 1D, 01, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoBuildVersion + 5C 76A27648 6 Bytes [ B0, 1A, 99, 76, 74, 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoBuildVersion + 63 76A2764F 113 Bytes CALL 769A4993 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoBuildVersion + D5 76A276C1 70 Bytes [ 5E, 5D, C2, 04, 00, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoBuildVersion + 11D 76A27709 243 Bytes [ 85, C0, 0F, 85, 90, 00, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumVerbs + 52 76A2796F 40 Bytes JMP 76A279F8 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumVerbs + 7B 76A27998 43 Bytes [ 5D, 10, F6, C3, 01, 74, 07, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumVerbs + A7 76A279C4 45 Bytes [ 4D, 0C, 89, 5E, 30, 89, 4E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumVerbs + D5 76A279F2 28 Bytes [ 46, 34, 33, C0, 5B, 5F, 5E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumVerbs + F2 76A27A0F 4 Bytes [ C0, 74, 0B, 50 ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleLoad + C 76A27CA9 10 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleLoad + 17 76A27CB4 85 Bytes [ D3, 5D, FB, FF, 85, C0, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleLoad + 6D 76A27D0A 74 Bytes [ 51, 08, 83, 27, 00, 8B, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleLoad + B8 76A27D55 63 Bytes [ 75, 0C, 83, 26, 00, E8, 4E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleLoad + F8 76A27D95 146 Bytes [ BF, E2, 01, 04, 80, 8B, C7, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsAccelerator + 5B 76A282B6 95 Bytes [ 85, C0, 75, 05, 39, 47, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsAccelerator + BB 76A28316 41 Bytes [ F6, 46, 4C, 08, 74, 1F, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsAccelerator + E5 76A28340 25 Bytes [ 56, 8B, 4E, 50, 6A, 01, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsAccelerator + 100 76A2835B 51 Bytes [ 83, 7F, 34, 00, 75, 1B, 53, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!IsAccelerator + 144 76A2839F 109 Bytes [ 00, 8D, 4D, 8C, 89, 7D, 84, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleTranslateAccelerator + 64 76A28468 45 Bytes [ 75, 84, 8D, 45, E4, 50, 89, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleTranslateAccelerator + 92 76A28496 300 Bytes [ 3D, 02, 00, 03, 80, 75, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleTranslateAccelerator + 1BF 76A285C3 37 Bytes [ 75, EC, 33, D2, F3, A7, 5F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleTranslateAccelerator + 1E8 76A285EC 14 Bytes [ B8, 38, 03, 17, 00, C3, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleTranslateAccelerator + 1F7 76A285FB 1 Byte [ EC ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateMenuDescriptor + 36 76A28748 164 Bytes [ A2, AD, F7, FF, 85, C0, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateMenuDescriptor + DB 76A287ED 5 Bytes [ 0E, 8B, 76, 74, 8D ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateMenuDescriptor + E2 76A287F4 29 Bytes [ 8B, 08, 6A, 01, 50, FF, 51, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateMenuDescriptor + 100 76A28812 12 Bytes [ 51, 10, 85, C0, 75, 15, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateMenuDescriptor + 10D 76A2881F 25 Bytes [ 38, 00, 74, 0A, 8B, 00, 8B, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserUnmarshal + 31 76A28995 6 Bytes [ 75, 16, 8B, 85, F4, FD ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserUnmarshal + 38 76A2899C 6 Bytes [ FF, 89, 18, 8B, 03, 53 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HGLOBAL_UserUnmarshal + 3F 76A289A3 10 Bytes [ 50, 04, 8B, 03, 53, FF, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDestroyMenuDescriptor + 2 76A289AE 3 Bytes [ B5, F4, FD ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDestroyMenuDescriptor + 6 76A289B2 7 Bytes [ FF, 8B, 03, 53, FF, 50, 18 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDestroyMenuDescriptor + 10 76A289BC 10 Bytes [ 0E, 8B, 85, F4, FD, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDestroyMenuDescriptor + 1B 76A289C7 48 Bytes [ 50, FF, 51, 14, 53, 68, B0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDestroyMenuDescriptor + 4C 76A289F8 6 Bytes [ 6A, 8D, 85, EC, FD, FF ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleInitializeWOW + 21 76A291D3 55 Bytes [ 50, 10, 8B, F0, 85, F6, 7C, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleInitializeWOW + 59 76A2920B 1 Byte [ 50 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleInitializeWOW + 5B 76A2920D 13 Bytes [ 51, 2C, 8B, F0, 85, F6, 7D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleInitializeWOW + 69 76A2921B 8 Bytes [ 8B, 07, 6A, 01, 57, FF, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleInitializeWOW + 72 76A29224 53 Bytes CALL 769C3EF1 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInitializeWOW + 2 76A29347 75 Bytes [ 4D, 0C, 75, 85, EB, 11, 66, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUnmarshalHresult + 1 76A29393 2 Bytes [ 75, 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUnmarshalHresult + 4 76A29396 88 Bytes [ 46, 04, 33, DB, 3D, 00, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUnloadingWOW + 1B 76A293F0 1 Byte [ 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUnloadingWOW + 1D 76A293F2 40 Bytes [ 8B, 45, 0C, 33, DB, 66, C7, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUnloadingWOW + 46 76A2941B 1 Byte [ 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUnloadingWOW + 48 76A2941D 2 Bytes [ 75, 0C ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoUnloadingWOW + 4B 76A29420 16 Bytes [ F6, 8B, 1D, BC, 12, 99, 76, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SetConvertStg + 67 76A29D86 20 Bytes [ F6, 75, 18, FF, 75, A0, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SetConvertStg + 7C 76A29D9B 20 Bytes [ 8B, F0, 85, F6, 74, 5A, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SetConvertStg + C3 76A29DE2 13 Bytes [ 50, 08, 74, A3, B8, 65, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SetConvertStg + D1 76A29DF0 129 Bytes [ F6, 43, 50, 08, 74, 93, E9, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SetConvertStg + 153 76A29E72 44 Bytes [ 4B, 30, 51, 50, 8B, CE, E8, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleIsCurrentClipboard + 1F 76A2A398 168 Bytes CALL 769A4BAB C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleIsCurrentClipboard + C9 76A2A442 6 Bytes [ EB, 49, 66, 83, 3E, 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleIsCurrentClipboard + D0 76A2A449 7 Bytes [ 43, 8B, 03, 6A, 05, 59, 8D ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleIsCurrentClipboard + D8 76A2A451 11 Bytes CALL C4304A49 .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleIsCurrentClipboard + E4 76A2A45D 14 Bytes [ 02, 00, C7, 45, F8, 10, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleFlushClipboard + 46 76A2A56F 154 Bytes [ 8B, 46, 04, 85, C0, 53, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleFlushClipboard + E1 76A2A60A 30 Bytes [ 0C, 8D, 4D, F4, 51, 89, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleFlushClipboard + 100 76A2A629 11 Bytes [ 53, 8B, 5D, 08, 83, 3B, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleFlushClipboard + 10C 76A2A635 36 Bytes [ 04, 80, EB, 71, 83, 45, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleFlushClipboard + 131 76A2A65A 199 Bytes [ 15, 64, 12, 99, 76, 8B, 75, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEx + 28 76A2B46B 153 Bytes CALL 76A2B6EE C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEx + C2 76A2B505 19 Bytes [ BE, D2, 01, 04, 80, 8B, C6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEx + D6 76A2B519 16 Bytes [ FF, FF, FF, F5, A4, A2, 76, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEx + E7 76A2B52A 69 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEx + 12D 76A2B570 123 Bytes [ 21, 75, FC, F6, 43, 10, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreate + 3B 76A2B5EC 44 Bytes [ 15, 28, 15, 99, 76, EB, 66, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreate + 6A 76A2B61B 12 Bytes [ FF, 15, 28, 15, 99, 76, 68, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreate + 77 76A2B628 63 Bytes [ EC, FF, 15, 44, 15, 99, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreate + B7 76A2B668 47 Bytes [ 15, B4, 13, 99, 76, 85, C0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreate + E7 76A2B698 39 Bytes [ 15, 60, 12, 99, 76, 0F, B7, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromDataEx + 7 76A2BA8F 151 Bytes JMP 0248AD96 .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromDataEx + 9F 76A2BB27 14 Bytes [ 3A, 56, 8D, 4D, 08, E8, D2, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromDataEx + AE 76A2BB36 7 Bytes [ 07, 8B, CE, E8, F3, 97, F9 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromDataEx + B6 76A2BB3E 16 Bytes [ 8D, 86, 90, 00, 00, 00, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromDataEx + C7 76A2BB4F 8 Bytes [ 51, 20, 8D, 46, 20, 8B, 08, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromData + 4 76A2BB88 13 Bytes [ 76, 14, 7E, 12, 8B, 06, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromData + 12 76A2BB96 1 Byte [ 51 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromData + 14 76A2BB98 15 Bytes [ 83, C6, 04, 4F, 75, EE, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromData + 24 76A2BBA8 84 Bytes [ C0, 5E, 5D, C2, 04, 00, 90, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromData + 79 76A2BBFD 87 Bytes [ 0F, 85, D9, 00, 00, 00, 8D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateAntiMoniker + 3F 76A2C073 13 Bytes [ 00, 8D, 45, D0, 50, 8D, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreatePointerMoniker + 30 76A2C0AF 2 Bytes [ 0F, 85 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreatePointerMoniker + 33 76A2C0B2 6 Bytes [ 00, 00, 00, 39, 5D, D4 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateObjrefMoniker + 62 76A2C141 20 Bytes [ 15, 64, 12, 99, 76, 3B, C3, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateObjrefMoniker + 77 76A2C156 54 Bytes [ F8, F3, A5, 8B, CA, 83, E1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateObjrefMoniker + AE 76A2C18D 25 Bytes [ F3, A5, 8B, CA, 83, E1, 03, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateObjrefMoniker + C8 76A2C1A7 4 Bytes [ 15, 60, 12, 99 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateObjrefMoniker + CD 76A2C1AC 1 Byte [ 8B ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!BindMoniker 76A2C3E3 3 Bytes [ 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!BindMoniker + 4 76A2C3E7 95 Bytes [ FF, 55, 8B, EC, 8D, 45, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!BindMoniker + 64 76A2C447 63 Bytes [ EC, 83, EC, 18, 53, 8B, 5D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!BindMoniker + A5 76A2C488 7 Bytes [ 20, FF, 75, 1C, FF, 75, 18 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!BindMoniker + AD 76A2C490 67 Bytes [ 75, 14, FF, 75, 10, E8, 8D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!MonikerCommonPrefixWith + 79 76A2D971 32 Bytes [ 40, C3, 90, 90, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!MonikerCommonPrefixWith + 9A 76A2D992 86 Bytes [ FF, FF, 6F, C9, A2, 76, 78, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!MonikerCommonPrefixWith + F1 76A2D9E9 91 Bytes [ 85, C0, 0F, 8C, A0, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!MonikerCommonPrefixWith + 14D 76A2DA45 102 Bytes [ D6, 8D, 45, 98, 50, 57, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!MonikerCommonPrefixWith + 1B4 76A2DAAC 30 Bytes [ 7E, CA, A2, 76, 87, CA, A2, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStdProgressIndicator + 1 76A2E43A 14 Bytes [ EC, 83, EC, 0C, 8B, 45, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStdProgressIndicator + 10 76A2E449 37 Bytes [ 57, 8D, 4D, F8, 51, 6A, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStdProgressIndicator + 36 76A2E46F 89 Bytes [ FF, FF, 8B, D8, 3B, DF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStdProgressIndicator + 90 76A2E4C9 63 Bytes [ 51, 08, 5F, 5E, 8B, C3, 5B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateStdProgressIndicator + D0 76A2E509 22 Bytes CALL 769A4BAA C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetClassFile + 1 76A2E520 23 Bytes [ 08, 53, 8D, 55, F8, 52, 33, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetClassFile + 19 76A2E538 7 Bytes [ 8B, 45, F8, 8B, 08, 57, 8D ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetClassFile + 21 76A2E540 42 Bytes [ 08, 52, 53, 50, FF, 51, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetClassFile + 4C 76A2E56B 123 Bytes [ 45, FC, 8B, 08, 57, 8D, 55, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetClassFile + C8 76A2E5E7 3 Bytes [ 8B, F8, 85 ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetCallerTID + C 76A31991 2 Bytes [ 5D, 16 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetCallerTID + 10 76A31995 6 Bytes [ C2, 08, 00, FF, FF, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetCallerTID + 17 76A3199C 7 Bytes [ 76, 09, A3, 76, 7F, 09, A3 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetCallerTID + 1F 76A319A4 24 Bytes [ 90, 90, 90, 90, 90, 6A, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetCurrentLogicalThreadId + 1 76A319BD 282 Bytes [ 08, 6A, 00, 6A, 04, 8B, 55, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassVersion + E5 76A31AD8 66 Bytes [ 07, 80, 83, 4D, FC, FF, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassVersion + 128 76A31B1B 109 Bytes [ 06, 8D, 4D, E0, 51, 68, D4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassVersion + 196 76A31B89 10 Bytes [ FF, FF, FF, 5F, 0B, A3, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassVersion + 1A1 76A31B94 12 Bytes [ 90, 90, 90, 90, 90, 6A, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetClassVersion + 1AE 76A31BA1 3 Bytes [ 0D, 14, F7 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTreatAsClass + 47 76A32031 3 Bytes [ FF, FF, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTreatAsClass + 4B 76A32035 7 Bytes [ 10, A3, 76, 10, 10, A3, 76 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTreatAsClass + 56 76A32040 100 Bytes [ 90, 8B, FF, 55, 8B, EC, 56, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTreatAsClass + BB 76A320A5 94 Bytes [ 90, 90, 90, 90, 90, 83, 6C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTreatAsClass + 11A 76A32104 15 Bytes [ 56, 8B, 75, 08, 57, 6A, 04, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DllRegisterServer + 1E 76A322C3 249 Bytes [ 8B, FB, 8B, C1, C1, E9, 02, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterInitializeSpy + BC 76A323BD 1 Byte [ 8B ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterInitializeSpy + BE 76A323BF 62 Bytes [ CC, 8D, 65, 88, 8B, 4D, E4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterInitializeSpy + FD 76A323FE 2 Bytes [ 75, E0 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterInitializeSpy + 100 76A32401 2 Bytes [ 5D, 18 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterInitializeSpy + 103 76A32404 27 Bytes [ 03, 8B, 4D, 14, 89, 01, C7, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevokeInitializeSpy + 2 76A3249B 149 Bytes [ FF, 7B, 14, A3, 76, 84, 14, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetState + 11 76A32531 16 Bytes CALL 769A2FF0 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetState + 22 76A32542 57 Bytes [ FF, FF, 11, 15, A3, 76, 1A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryReleaseObject + 7 76A3257C 9 Bytes [ 45, 0C, 8B, 08, 8D, 55, B4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryReleaseObject + 11 76A32586 51 Bytes [ 51, 1C, 6A, 3A, 5A, 6A, 02, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryReleaseObject + 45 76A325BA 155 Bytes [ 0D, 66, 3B, C2, 74, 08, 46, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryReleaseObject + E1 76A32656 14 Bytes [ 06, 56, FF, 50, 08, 89, 7D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryReleaseObject + F0 76A32665 154 Bytes [ 07, 80, 8B, 03, 53, FF, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterMallocSpy + 70 76A32700 60 Bytes [ B8, EC, 01, 04, 80, 5D, C2, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterMallocSpy + AD 76A3273D 2 Bytes [ FF, 55 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterMallocSpy + B0 76A32740 54 Bytes [ EC, 56, 8B, 75, 0C, 85, F6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevokeMallocSpy + 17 76A32777 4 Bytes [ 55, 8B, EC, 57 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevokeMallocSpy + 1C 76A3277C 35 Bytes CALL 769A4BAA C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevokeMallocSpy + 40 76A327A0 29 Bytes [ E7, 56, 8B, 75, 14, 85, F6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevokeMallocSpy + 5E 76A327BE 104 Bytes [ 75, 3A, 85, F6, 74, 0B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRevokeMallocSpy + C7 76A32827 47 Bytes [ 75, 14, 56, 6A, EB, FF, 75, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HkOleRegisterObject + 10 76A32F6D 36 Bytes [ 15, 90, 16, 99, 76, FF, B5, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HkOleRegisterObject + 37 76A32F94 50 Bytes [ 50, FF, 15, 04, 14, 99, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HkOleRegisterObject + 6A 76A32FC7 14 Bytes [ FD, FF, FF, FF, 15, A0, 16, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HkOleRegisterObject + 79 76A32FD6 75 Bytes [ 5F, 8B, 4D, FC, 5E, 5B, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HkOleRegisterObject + C5 76A33022 109 Bytes [ 75, 0C, FF, D6, 85, C0, 75, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!EnableHookObject + 35 76A33219 19 Bytes [ 15, 8C, 16, 99, 76, 3B, C6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!EnableHookObject + 49 76A3322D 72 Bytes [ 56, 68, 06, 00, 02, 00, 56, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!EnableHookObject + 92 76A33276 59 Bytes [ 15, 8C, 16, 99, 76, FF, 75, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!EnableHookObject + CE 76A332B2 110 Bytes [ FF, 85, C0, 7C, 1F, E8, 98, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!EnableHookObject + 13D 76A33321 1 Byte [ 7D ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetStdMarshalEx + 65 76A33E7E 61 Bytes [ FF, 55, 8B, EC, FF, 75, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetStdMarshalEx + A3 76A33EBC 58 Bytes [ 07, 80, EB, 31, 57, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetStdMarshalEx + DF 76A33EF8 85 Bytes [ 90, 90, 90, A1, AC, B5, AB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetStdMarshalEx + 135 76A33F4E 9 Bytes [ E0, B8, 02, 40, 00, 80, 5D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetStdMarshalEx + 13F 76A33F58 8 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDeactivateObject + 5A 76A340F7 65 Bytes [ 0F, 85, C3, 00, 00, 00, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoReactivateObject + 9 76A34139 39 Bytes CALL C7A3413C .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoReactivateObject + 31 76A34161 33 Bytes [ 74, 5D, 56, 8B, 35, 14, 12, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoReactivateObject + 53 76A34183 135 Bytes [ D6, 68, 18, DE, 99, 76, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInvalidateRemoteMachineBindings + 2 76A3420B 5 Bytes [ FF, 00, 80, 5D, C2 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInvalidateRemoteMachineBindings + 9 76A34212 56 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRetireServer + 1E 76A3424B 9 Bytes [ 75, 16, 83, C6, 08, 3B, F0, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetProcessIdentifier + 4 76A34255 39 Bytes CALL 769A33A3 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetContextToken + 1 76A3427D 40 Bytes [ 48, 0C, 83, C0, 20, 3B, C8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetContextToken + 2A 76A342A6 55 Bytes [ 4D, FC, 6A, 01, 83, C1, 18, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetSystemSecurityPermissions + 2B 76A342DE 14 Bytes [ 50, AB, 76, FF, 15, EC, 55, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetSystemSecurityPermissions + 3A 76A342ED 77 Bytes [ 75, 0C, 89, 43, 0C, 50, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetDefaultContext + 3A 76A3433B 77 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetDefaultContext + 89 76A3438A 33 Bytes [ 00, 53, 56, 89, 45, FC, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetDefaultContext + AB 76A343AC 27 Bytes [ FF, 50, FF, 15, F0, 15, 99, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetDefaultContext + C7 76A343C8 23 Bytes [ CB, 89, 85, EC, FD, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetDefaultContext + DF 76A343E0 45 Bytes CALL 769A4D4E C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetCancelObject + 7B 76A34945 79 Bytes [ FF, 55, 8B, EC, 68, B0, AA, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCancelCall + 35 76A34995 49 Bytes [ FF, 55, 8B, EC, 56, 68, B4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTestCancel + 27 76A349C7 2 Bytes [ FF, 55 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoTestCancel + 2A 76A349CA 71 Bytes [ EC, 56, 68, B8, AA, AB, 76, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoEnableCallCancellation + 39 76A34A12 1 Byte [ 25 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoEnableCallCancellation + 3B 76A34A14 3 Bytes [ AA, AB, 76 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoEnableCallCancellation + 40 76A34A19 1 Byte [ 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDisableCallCancellation + 5 76A34A25 80 Bytes [ 68, C4, AA, AB, 76, 68, 6C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDisableCallCancellation + 56 76A34A76 19 Bytes [ F0, 8B, C6, 5E, 5D, C2, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDisableCallCancellation + 6A 76A34A8A 3 Bytes [ EC, AA, AB ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDisableCallCancellation + 6E 76A34A8E 6 Bytes [ 68, 98, DF, 99, 76, 33 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDisableCallCancellation + 81 76A34AA1 6 Bytes [ FF, 75, 0C, FF, 75, 08 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetCancelObject + 9 76A34E9A 34 Bytes [ 28, 8B, 07, 83, 65, 0C, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetCancelObject + 2C 76A34EBD 37 Bytes [ D8, 8B, 45, 0C, EB, CA, BB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetCancelObject + 52 76A34EE3 35 Bytes [ 45, 08, 83, C0, 08, 50, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetCancelObject + 76 76A34F07 32 Bytes [ 40, 0C, FF, 75, 0C, 8B, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoSetCancelObject + 97 76A34F28 74 Bytes [ 45, 08, 83, 78, 0C, 00, 74, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryAuthenticationServices + 14 76A350F8 342 Bytes [ 45, 0C, 7C, 04, 89, 33, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryAuthenticationServices + 16D 76A35251 134 Bytes [ 8B, FF, 55, 8B, EC, 57, 8B, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryAuthenticationServices + 1F4 76A352D8 36 Bytes [ 07, 80, 5D, C2, 08, 00, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryAuthenticationServices + 21C 76A35300 10 Bytes [ 90, 8B, FF, 55, 8B, EC, 53, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoQueryAuthenticationServices + 227 76A3530B 17 Bytes [ 23, 00, 56, 8B, 75, 08, 85, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateObjectInContext + 29 76A39180 2 Bytes [ 20, A2 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateObjectInContext + 2D 76A39184 136 Bytes [ 39, 7D, F0, 0F, 84, BB, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateObjectInContext + B6 76A3920D 64 Bytes [ 75, F8, FF, 76, 14, E8, DC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateObjectInContext + FE 76A39255 77 Bytes [ 45, F8, 8B, 08, 50, FF, 51, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoCreateObjectInContext + 16D 76A392C4 7 Bytes [ 8B, FF, 55, 8B, EC, 53, 56 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetApartmentID + B1 76A3ACA2 113 Bytes [ 85, C0, 7C, 52, 8B, 75, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetApartmentID + 123 76A3AD14 38 Bytes [ 75, 08, F6, 46, 28, 01, BB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetApartmentID + 163 76A3AD54 6 Bytes [ 90, 90, 90, 90, 90, 8B ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetApartmentID + 16A 76A3AD5B 9 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetApartmentID + 174 76A3AD65 45 Bytes [ FF, 75, 18, FF, 75, 14, FF, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterPSClsid + 52 76A3BC38 40 Bytes [ B8, F0, 01, 04, 80, EB, 05, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterPSClsid + 7B 76A3BC61 4 Bytes JMP 769DE8D8 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterPSClsid + 80 76A3BC66 4 Bytes [ 90, 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterPSClsid + 85 76A3BC6B 26 Bytes [ 83, 6C, 24, 04, 0C, E9, 63, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterPSClsid + A3 76A3BC89 44 Bytes [ 83, 6C, 24, 04, 14, E9, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoPushServiceDomain + 2C 76A3BCB6 140 Bytes [ 15, 0C, 12, 99, 76, 8B, F8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoPopServiceDomain + 80 76A3BD45 6 Bytes [ 8D, 04, 40, C1, E0, 03 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoPopServiceDomain + 87 76A3BD4C 119 Bytes [ C0, 03, 83, E0, FC, BE, 0E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoPopServiceDomain + FF 76A3BDC4 31 Bytes [ F0, 85, F6, 0F, 8C, 23, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoPopServiceDomain + 12F 76A3BDF4 3 Bytes [ 83, 65, C8 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoPopServiceDomain + 133 76A3BDF8 123 Bytes [ 8D, 45, C8, 50, FF, 75, B0, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterSurrogateEx + 62 76A3D781 16 Bytes [ 76, 30, FF, D7, BB, 02, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterSurrogateEx + 73 76A3D792 20 Bytes [ 85, C0, 74, 14, FF, 86, B4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterSurrogateEx + 88 76A3D7A7 18 Bytes [ 17, 99, 76, B9, D8, 56, AB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterSurrogateEx + 9B 76A3D7BA 31 Bytes [ 76, 30, FF, D7, 3B, C3, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoRegisterSurrogateEx + BB 76A3D7DA 44 Bytes [ 83, 7E, 2C, 00, C7, 45, FC, ... 
] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UpdateDCOMSettings + E 76A3EAE2 115 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UpdateDCOMSettings + 82 76A3EB56 8 Bytes [ 55, 8B, EC, 8B, 45, 08, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UpdateDCOMSettings + 8B 76A3EB5F 65 Bytes [ 00, 75, 0C, 8B, 4D, 0C, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UpdateDCOMSettings + CD 76A3EBA1 47 Bytes [ 55, 8B, EC, 56, 8B, 75, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UpdateDCOMSettings + FD 76A3EBD1 23 Bytes [ 70, 08, EB, 22, 8B, 75, 0C, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInstanceFromIStorage + 17 76A45657 44 Bytes [ 5D, C2, 08, 00, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoFreeLibrary 76A45685 3 Bytes [ 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoFreeLibrary + 4 76A45689 53 Bytes [ FF, 55, 8B, EC, FF, 75, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoFreeLibrary + 3A 76A456BF 40 Bytes [ 8B, 51, 04, 03, 11, 89, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoFreeLibrary + 63 76A456E8 91 Bytes [ 8B, 45, 08, 89, 06, 5E, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInstall + 3A 76A45744 322 Bytes [ 75, 08, FF, 75, 0C, 8B, 46, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInstall + 17D 76A45887 27 Bytes [ 43, 14, 85, C0, 89, 45, FC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInstall + 199 76A458A3 92 Bytes [ 47, 3B, 7D, FC, 72, F1, 5F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInstall + 1F6 76A45900 5 Bytes [ C3, 5B, 5D, C2, 0C ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoInstall + 1FC 76A45906 16 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoFileTimeToDosDateTime + 8 76A4A724 39 Bytes [ FF, 00, 8D, 85, 7C, FD, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoFileTimeToDosDateTime + 30 76A4A74C 12 Bytes [ 50, FF, B6, CC, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoFileTimeToDosDateTime + 3D 76A4A759 49 Bytes CALL 769D8295 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoFileTimeToDosDateTime + 6F 76A4A78B 56 Bytes [ FF, 8D, 85, 90, FD, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDosDateTimeToFileTime + 2C 76A4A7C4 55 Bytes CALL 769D82E4 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDosDateTimeToFileTime + 64 76A4A7FC 17 Bytes [ 33, DB, 81, FB, 0E, 00, 07, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDosDateTimeToFileTime + 76 76A4A80E 24 Bytes [ 84, FD, FF, FF, 85, C0, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDosDateTimeToFileTime + 8F 76A4A827 42 Bytes [ FF, 89, 01, 8B, C3, 8B, 4D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoDosDateTimeToFileTime + BA 76A4A852 15 Bytes [ 74, 00, 61, 00, 62, 00, 6C, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptor + 1 76A4F83D 2 Bytes [ 45, 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptor + 4 76A4F840 33 Bytes [ 08, 68, 44, 71, 99, 76, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptor + 26 76A4F862 1 Byte [ 6C ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptor + 4C 76A4F888 9 Bytes [ FF, 90, 90, 90, 90, 90, 83, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CoGetInterceptor + 56 76A4F892 155 Bytes JMP 76A4BB8C C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_QueryInterface 76A4FC09 99 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_IsIIDSupported + B 76A4FC6D 18 Bytes [ 00, 7D, 19, 8D, 45, FC, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_CountRefs + 1 76A4FC80 2 Bytes [ 45, FC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_CountRefs + 4 76A4FC83 3 Bytes [ 08, 89, 4F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_CountRefs + 8 76A4FC87 13 Bytes [ 89, 38, 8B, 3F, 3B, FB, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_DebugServerQueryInterface + 5 76A4FC9E 12 Bytes [ 51, 53, 56, 57, 8B, F1, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_DebugServerQueryInterface + 12 76A4FCAB 77 Bytes [ 8B, 4E, 08, 33, DB, 89, 1E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_Connect + C 76A4FCF9 20 Bytes [ 7F, 0C, 00, 7D, 19, 8D, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_Disconnect + 4 76A4FD0E 3 Bytes [ 45, FC, 8B ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_CStdStubBuffer_Disconnect + 8 76A4FD12 16 Bytes [ 89, 4F, 08, 89, 38, 8B, 3F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubForwardingFunction 76A4FD24 3 Bytes [ 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubForwardingFunction + 4 76A4FD28 27 Bytes [ FF, 55, 8B, EC, 56, 57, 8B, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubForwardingFunction + 20 76A4FD44 61 Bytes CALL 76A4FBE1 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubForwardingFunction + 5E 76A4FD82 2 Bytes [ EC, 8B ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubForwardingFunction + 62 76A4FD86 36 Bytes [ 8B, 50, 20, 85, D2, 74, 7A, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_IUnknown_Release_Proxy + 20 76A5002E 2 Bytes [ 75, 10 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_IUnknown_Release_Proxy + 23 76A50031 1 Byte [ F8 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_IUnknown_Release_Proxy + 25 76A50033 127 Bytes JMP 024AF33A .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_IUnknown_Release_Proxy + A6 76A500B4 104 Bytes [ 8B, 73, 10, 89, 75, C4, 6A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_IUnknown_Release_Proxy + 11E 76A5012C 14 Bytes [ 51, 08, 83, 65, E4, 00, 8B, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2_va + F 76A53CD4 99 Bytes [ FF, 90, 90, 90, 90, 90, B8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2_va + 73 76A53D38 44 Bytes JMP 76A5107C C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2_va + A0 76A53D65 4 Bytes JMP 76A5107C C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2_va + A6 76A53D6B 24 Bytes [ 90, 90, 90, 90, 90, B8, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2_va + BF 76A53D84 64 Bytes JMP 76A5107D C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2 + 1B 76A54188 206 Bytes [ 90, 90, B8, 47, 03, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2 + EA 76A54257 14 Bytes [ 90, 90, 90, 90, 90, B8, 55, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2 + F9 76A54266 63 Bytes [ 90, 90, 90, 90, 90, B8, 56, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2 + 13A 76A542A7 41 Bytes [ B8, 5A, 03, 00, 00, E9, CC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrClientCall2 + 167 76A542D4 25 Bytes [ B8, 5D, 03, 00, 00, E9, 9F, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllGetClassObject 76A54891 10 Bytes [ 90, B8, BF, 03, 00, 00, E9, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllGetClassObject + B 76A5489C 135 Bytes [ 90, 90, 90, 90, 90, B8, C0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllGetClassObject + 93 76A54924 87 Bytes [ 90, 90, 90, 90, B8, C9, 03, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllGetClassObject + EB 76A5497C 24 Bytes [ FF, 90, 90, 90, 90, 90, B8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllGetClassObject + 104 76A54995 45 Bytes JMP 76A5107C C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllUnregisterProxy + 1 76A555D6 4 Bytes CALL 76A554ED C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllUnregisterProxy + 6 76A555DB 31 Bytes [ FF, F6, 45, 08, 01, 74, 06, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllUnregisterProxy + 26 76A555FB 57 Bytes CALL 76A553E2 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrDllUnregisterProxy + 61 76A55636 54 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubCall2 + 34 76A5566D 41 Bytes [ 5D, 0C, 85, DB, 56, 57, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubCall2 + 5E 76A55697 19 Bytes [ 5B, 5D, C2, 0C, 00, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubCall2 + 72 76A556AB 27 Bytes CALL 76A55515 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubCall2 + 8E 76A556C7 15 Bytes [ 51, 0C, 5E, 5D, C2, 08, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!ComPs_NdrStubCall2 + 9E 76A556D7 61 Bytes [ EC, 56, 8B, 75, 08, 56, E8, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserSize + 57 76A69008 137 Bytes [ A1, 04, 50, AB, 76, 89, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserMarshal + 61 76A69092 66 Bytes [ 32, 02, 00, 00, 8D, 85, 7C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserMarshal + A4 76A690D5 50 Bytes CALL 76A68FA2 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserMarshal + D7 76A69108 23 Bytes [ 85, 7C, FB, FF, FF, 89, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserMarshal + EF 76A69120 95 Bytes [ 7C, C4, 99, 76, BE, 30, C4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserMarshal + 14F 76A69180 49 Bytes CALL 2CA6081E .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserUnmarshal + B 76A691CC 36 Bytes CALL 76A68DA1 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserUnmarshal + 30 76A691F1 5 Bytes [ 89, 85, 50, FB, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserUnmarshal + 36 76A691F7 2 Bytes [ 68, 68 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserUnmarshal + 39 76A691FA 3 Bytes [ 99, 76, 50 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserUnmarshal + 3D 76A691FE 21 Bytes [ D6, 8B, 85, 7C, FB, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserFree + D 76A69214 30 Bytes [ 85, 7C, FB, FF, FF, 89, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserFree + 2C 76A69233 202 Bytes CALL 75F708D1 .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserFree + F8 76A692FF 100 Bytes [ B5, 78, FB, FF, FF, FF, D6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserFree + 15D 76A69364 17 Bytes [ 00, FF, 73, 20, 57, E8, 33, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HBITMAP_UserFree + 16F 76A69376 15 Bytes CALL 76A693DC C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserFree + E 76A693D2 12 Bytes [ 35, A0, 16, 99, 76, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserFree + 1B 76A693DF 2 Bytes [ FB, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserFree + 1E 76A693E2 33 Bytes [ 00, 74, 08, FF, B5, 74, FB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserFree + 40 76A69404 7 Bytes [ 00, 74, 08, FF, B5, 78, FB ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILEPICT_UserFree + 48 76A6940C 5 Bytes [ FF, FF, D6, C3, FF ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HENHMETAFILE_UserUnmarshal + 14 76A69438 3 Bytes [ 76, 9B, F3 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HENHMETAFILE_UserUnmarshal + 18 76A6943C 23 Bytes [ A1, 04, 50, AB, 76, 89, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HENHMETAFILE_UserUnmarshal + 30 76A69454 51 Bytes [ 89, 45, FC, 33, C9, 41, 89, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HENHMETAFILE_UserFree + 1E 76A69488 6 Bytes [ 07, 80, E9, E7, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HENHMETAFILE_UserFree + 25 76A6948F 13 Bytes [ 8D, 45, 94, 50, 53, E8, 48, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILE_UserSize + 9 76A6949D 67 Bytes [ 84, FD, FF, FF, 50, 33, F6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILE_UserMarshal + 6 76A694E1 61 Bytes [ FF, 15, B0, 12, 99, 76, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILE_UserMarshal + 44 76A6951F 76 Bytes [ B5, 84, FD, FF, FF, E8, 18, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILE_UserMarshal + 91 76A6956C 23 Bytes [ 85, 7C, FD, FF, FF, 8B, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILE_UserUnmarshal + 1 76A69584 47 Bytes [ C6, EB, B0, 90, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILE_UserUnmarshal + 31 76A695B4 78 Bytes [ FF, FF, 15, A0, 16, 99, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HMETAFILE_UserUnmarshal + 80 76A69603 116 Bytes [ FF, 89, 9D, 14, FD, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HPALETTE_UserSize + F 76A69678 158 Bytes [ B5, 10, FD, FF, FF, 33, C0, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HPALETTE_UserMarshal + 66 76A69717 19 Bytes JMP 76A69F21 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HPALETTE_UserMarshal + 7A 76A6972B 17 Bytes [ 8B, 40, 10, 2B, C3, 0F, 84, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HPALETTE_UserMarshal + 8C 76A6973D 62 Bytes [ 48, 0F, 84, E1, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HPALETTE_UserMarshal + CB 76A6977C 33 Bytes [ FF, FF, 50, 53, 68, 3F, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HPALETTE_UserMarshal + ED 76A6979E 42 Bytes [ 8D, 85, 38, FD, FF, FF, 50, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HPALETTE_UserUnmarshal + 11 76A698B8 25 Bytes [ FF, 15, A0, 16, 99, 76, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!HPALETTE_UserUnmarshal + 2C 76A698D3 60 Bytes [ 00, 00, 0D, 00, 00, 07, 80, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserSize + 24 76A69911 53 Bytes [ FF, B5, 14, FD, FF, FF, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserMarshal + 11 76A69947 5 Bytes [ 85, 10, FD, FF, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserMarshal + 17 76A6994D 8 Bytes [ 40, 1C, 89, 85, E4, FC, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserMarshal + 20 76A69956 71 Bytes [ 85, 14, FD, FF, FF, 89, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserMarshal + 68 76A6999E 53 Bytes [ B5, 14, FD, FF, FF, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserUnmarshal + 2 76A699D4 44 Bytes [ FF, 15, 8C, 16, 99, 76, 89, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserUnmarshal + 2F 76A69A01 4 Bytes [ 0C, FF, D7, 25 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserUnmarshal + 35 76A69A07 23 Bytes [ 00, 00, 0D, 00, 00, 07, 80, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserUnmarshal + 4D 76A69A1F 2 Bytes [ FF, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserUnmarshal + 50 76A69A22 20 Bytes [ 15, A0, 16, 99, 76, 89, 9D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserFree + D 76A69B41 64 Bytes [ 85, 18, FD, FF, FF, 89, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserFree + 4E 76A69B82 55 Bytes [ FF, 15, 74, 16, 99, 76, 89, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserFree + 86 76A69BBA 35 Bytes [ FF, 3B, C3, 74, 2F, 39, 9D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserFree + AA 76A69BDE 12 Bytes [ D7, 25, FF, FF, 00, 00, 0D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!SNB_UserFree + B7 76A69BEB 39 Bytes [ EF, FF, FF, 39, 9D, 0C, FD, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSetContainedObject + 27 76A78079 77 Bytes [ B6, 84, 00, 00, 00, E8, 47, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleNoteObjectVisible + 22 76A780C7 62 Bytes [ 48, 4C, 0F, B7, 40, 4E, 51, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleNoteObjectVisible + 77 76A7811C 208 Bytes [ 11, 3B, C3, 89, 45, FC, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleNoteObjectVisible + 148 76A781ED 49 Bytes [ 55, 8B, EC, 56, FF, 75, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleNoteObjectVisible + 17A 76A7821F 3 Bytes [ 1A, F3, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleNoteObjectVisible + 17E 76A78223 27 Bytes [ FF, 75, 10, 8B, F0, FF, 15, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetDocumentBitStg + C 76A783A3 13 Bytes [ 3B, CA, 72, F4, 8B, CE, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetDocumentBitStg + 1A 76A783B1 95 Bytes [ D6, 33, C0, 40, 5F, 5E, 5D, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!GetConvertStg + 27 76A78411 6 Bytes [ 8B, 47, 1C, 8B, 08, 50 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDraw + 2 76A78418 5 Bytes [ 51, 04, 8B, 45, 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDraw + 8 76A7841E 93 Bytes JMP 402CEA33 .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDraw + 66 76A7847C 11 Bytes [ 51, 08, 83, 7D, 10, 00, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDraw + 72 76A78488 19 Bytes [ 8D, 56, 24, 52, 68, C8, 30, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDraw + 86 76A7849C 110 Bytes [ 1B, 8B, 03, 53, FF, 50, 08, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDuplicateData + 23 76A78743 30 Bytes [ FF, FF, FF, 5F, 5E, 5B, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDuplicateData + 42 76A78762 5 Bytes [ A1, 04, 50, AB, 76 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDuplicateData + 48 76A78768 20 Bytes [ 89, 45, FC, 8B, 45, 08, 56, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDuplicateData + 5D 76A7877D 21 Bytes [ 89, 85, F8, FE, FF, FF, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleDuplicateData + 73 76A78793 77 Bytes [ B5, FC, FE, FF, FF, 89, B5, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateStaticFromData + 7F 76A78F27 146 Bytes [ 04, 21, 13, EB, 0D, 8B, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateStaticFromData + 113 76A78FBB 9 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateStaticFromData + 11D 76A78FC5 34 Bytes [ 56, 8B, 75, 0C, 33, C0, 3B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateStaticFromData + 140 76A78FE8 68 Bytes [ 55, 10, 3B, D0, 74, 04, 2B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateStaticFromData + 185 76A7902D 2 Bytes [ 75, 10 ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkEx + 4 76A79310 7 Bytes [ C7, 5F, 5E, 5B, C9, C2, 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkEx + C 76A79318 25 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkEx + 26 76A79332 114 Bytes [ 85, C0, 75, 07, B8, 57, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkEx + 99 76A793A5 1 Byte [ FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkEx + 9B 76A793A7 3 Bytes [ FF, 85, C0 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkToFileEx + 5 76A793EF 39 Bytes [ 8D, 45, 08, 50, 8B, 45, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkToFileEx + 2D 76A79417 16 Bytes [ FF, 55, 8B, EC, 56, 57, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkToFileEx + 3E 76A79428 83 Bytes [ 75, 07, BE, 57, 00, 07, 80, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkToFileEx + 92 76A7947C 15 Bytes [ FF, 75, 0C, 50, FF, 51, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkToFileEx + A2 76A7948C 16 Bytes [ 51, 08, 5F, 8B, C6, 5E, 5D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFileEx + 25 76A795D3 40 Bytes [ EC, 51, 83, 65, FC, 00, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFileEx + 4E 76A795FC 65 Bytes [ 07, 80, 85, C0, 7C, 0C, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFileEx + 90 76A7963E 6 Bytes [ 56, 8D, 8D, F0, FE, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFileEx + 97 76A79645 5 Bytes CALL 76A8A8E7 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFileEx + 9D 76A7964B 14 Bytes [ 8D, 85, F0, FE, FF, FF, 50, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLink + 4 76A798D2 2 Bytes [ 08, 50 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLink + 7 76A798D5 2 Bytes [ 51, 08 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLink + A 76A798D8 36 Bytes [ 45, E4, 85, C0, 74, 06, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLink + 2F 76A798FD 53 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkToFile + 1A 76A79933 20 Bytes [ 0D, FF, B5, E4, FD, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkToFile + 2F 76A79948 22 Bytes CALL C7A7994A .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateLinkToFile + 46 76A7995F 6 Bytes [ 00, 8D, 85, FC, FD, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFile + 2 76A79966 40 Bytes CALL C7A79968 .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFile + 2B 76A7998F 90 Bytes CALL 769A3526 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFile + 86 76A799EA 7 Bytes [ 33, C9, 41, 3B, C1, 75, 64 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFile + 8E 76A799F2 42 Bytes [ 75, 0C, 3B, F7, 74, 48, 66, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateFromFile + B9 76A79A1D 160 Bytes [ 3B, CF, 74, 18, 8B, C1, 8D, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateDataCache 76A7B72E 21 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateDataCache + 16 76A7B744 3 Bytes [ 43, 23, F6 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateDataCache + 1C 76A7B74A 297 Bytes [ 75, 0A, B8, 0E, 01, 01, 80, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateDataCache + 146 76A7B874 106 Bytes CALL C52ABD64 .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!CreateDataCache + 1B1 76A7B8DF 45 Bytes [ 75, 06, 66, 83, FA, 02, 74, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DoDragDrop + 92 76A7FB9C 23 Bytes [ 51, 08, 83, 65, A4, 00, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DoDragDrop + AA 76A7FBB4 10 Bytes [ 8B, 45, A4, 85, C0, 74, 06, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DoDragDrop + B5 76A7FBBF 59 Bytes [ 51, 08, 83, 7D, 9C, 00, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DoDragDrop + F1 76A7FBFB 15 Bytes [ 4D, FC, 8B, C7, 5F, 5E, 5B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!DoDragDrop + 101 76A7FC0B 12 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEmbeddingHelper + 43 76A81226 21 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEmbeddingHelper + 59 76A8123C 6 Bytes [ 00, FF, 35, 00, 50, AB ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEmbeddingHelper + 60 76A81243 65 Bytes [ 8B, F9, FF, 15, EC, 55, AB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleCreateEmbeddingHelper + A2 76A81285 252 Bytes [ 00, 72, 0A, 3D, 07, 01, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSetAutoConvert + 38 76A81382 27 Bytes [ 0F, 84, 87, 00, 00, 00, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSetAutoConvert + 54 76A8139E 22 Bytes [ 74, 81, 28, 68, 17, 01, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSetAutoConvert + 6B 76A813B5 42 Bytes [ 76, 3C, FF, 75, F0, FF, D3, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSetAutoConvert + 96 76A813E0 13 Bytes [ 76, 3C, 68, 11, 01, 00, 00, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleSetAutoConvert + A4 76A813EE 5 Bytes [ 15, D8, 14, 99, 76 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleMetafilePictFromIconAndLabel + 33 76A81EC4 97 Bytes [ 85, C0, 75, 07, B8, 0E, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleMetafilePictFromIconAndLabel + 95 76A81F26 29 Bytes [ 8B, C7, 5F, 5E, 5D, C2, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleMetafilePictFromIconAndLabel + B3 76A81F44 105 Bytes [ 85, C0, 75, 07, B8, 0E, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleMetafilePictFromIconAndLabel + 11D 76A81FAE 56 Bytes [ 51, 18, 85, FF, 5F, 74, 05, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleMetafilePictFromIconAndLabel + 156 76A81FE7 9 Bytes [ 85, C0, 74, 0B, 6A, 14, FF, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfFile 76A82349 10 Bytes [ 90, 8B, FF, 55, 8B, EC, 81, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfFile + B 76A82354 21 Bytes [ 00, A1, 04, 50, AB, 76, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfFile + 22 76A8236B 86 Bytes [ 51, 89, 45, FC, 8B, 45, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfFile + 79 76A823C2 14 Bytes [ FF, 50, FF, 15, 04, 14, 99, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfFile + 88 76A823D1 20 Bytes [ 50, 6A, 01, 68, FC, 5B, 9C, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfClass + 40 76A82673 38 Bytes [ B5, 74, FF, FF, FF, E8, B0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfClass + 67 76A8269A 6 Bytes [ B5, 68, FF, FF, FF, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfClass + 6E 76A826A1 1 Byte [ 78 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfClass + 72 76A826A5 23 Bytes [ FF, 15, 60, 13, 99, 76, 85, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleGetIconOfClass + 8A 76A826BD 12 Bytes JMP 76A827D9 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumFormatEtc + 2D 76A834D0 15 Bytes [ FF, FF, D3, 8D, 85, 88, FA, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumFormatEtc + 3D 76A834E0 117 Bytes [ 50, FF, 35, 2C, 51, AB, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumFormatEtc + B3 76A83556 97 Bytes [ FA, FF, FF, 8D, 44, 46, FE, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumFormatEtc + 115 76A835B8 12 Bytes [ 50, 8D, 85, 54, FF, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleRegEnumFormatEtc + 122 76A835C5 10 Bytes [ 68, 00, 00, 00, 80, C7, 85, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAM + 7 76A88C6A 6 Bytes [ 34, 53, 56, 33, F6, 57 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAM + E 76A88C71 10 Bytes [ 33, C0, 8D, 7D, E4, 8B, D9, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAM + 19 76A88C7C 4 Bytes [ 75, EC, 89, 75 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAM + 1E 76A88C81 107 Bytes CALL 76A87F7A C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAMEx + 2F 76A88CED 7 Bytes [ 15, D8, 11, 99, 76, BE, 0E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAMEx + 37 76A88CF5 220 Bytes [ 07, 80, EB, 63, 56, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAMEx + 114 76A88DD2 69 Bytes [ FF, 51, 2C, 3B, C3, 89, 45, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAMEx + 15A 76A88E18 15 Bytes [ 85, 6C, FF, FF, FF, 8B, 08, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertIStorageToOLESTREAMEx + 16A 76A88E28 24 Bytes [ 75, B4, 89, 9D, 78, FF, FF, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertOLESTREAMToIStorage + 3E 76A88FE5 85 Bytes [ 8B, 4D, FC, 8B, 45, AC, 5B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertOLESTREAMToIStorage + 94 76A8903B 3 Bytes CALL 372E903F .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertOLESTREAMToIStorage + 98 76A8903F 12 Bytes [ 85, C0, 7C, 29, 85, F6, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertOLESTREAMToIStorageEx + 4 76A8904C 12 Bytes CALL 76A87BD3 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertOLESTREAMToIStorageEx + 11 76A89059 9 Bytes CALL 76A88217 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertOLESTREAMToIStorageEx + 1B 76A89063 3 Bytes [ 08, FF, 70 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertOLESTREAMToIStorageEx + 1F 76A89067 84 Bytes CALL 76A88382 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!OleConvertOLESTREAMToIStorageEx + 74 76A890BC 35 Bytes [ 45, F8, 89, 47, 4C, EB, 10, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtGetDvtd16Info + 38 76A89D3C 33 Bytes [ BE, 69, 00, 04, 80, E9, DB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtGetDvtd16Info + 5B 76A89D5F 58 Bytes [ 8B, F0, 85, F6, 0F, 85, B8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtGetDvtd16Info + 96 76A89D9A 109 Bytes [ 85, FF, 74, 72, 6A, 30, E8, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtGetDvtd16Info + 104 76A89E08 58 Bytes [ 89, 1E, 66, 89, 7E, 04, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd16toDvtd32 + 15 76A89E43 87 Bytes [ EC, 51, 51, 83, 65, FC, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd16toDvtd32 + 6E 76A89E9C 2 Bytes [ CF, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd16toDvtd32 + 72 76A89EA0 24 Bytes [ 8B, 75, 0C, 89, 46, 3C, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd16toDvtd32 + 8B 76A89EB9 43 Bytes [ 8C, B1, 00, 00, 00, 83, 7D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd16toDvtd32 + B7 76A89EE5 67 Bytes CALL 76A88590 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtGetDvtd32Info + 73 76A8A092 206 Bytes CALL 769A34EE C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd32toDvtd16 + 32 76A8A161 74 Bytes [ 65, D0, 00, 6A, 00, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd32toDvtd16 + 7D 76A8A1AC 69 Bytes [ 0A, 8B, 4E, 20, 89, 0B, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd32toDvtd16 + C3 76A8A1F2 91 Bytes [ 4F, 04, 89, 46, 28, 89, 46, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd32toDvtd16 + 11F 76A8A24E 6 Bytes [ AB, 76, 83, 65, F0, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!UtConvertDvtd32toDvtd16 + 126 76A8A255 27 Bytes [ 8B, 75, 08, 57, 8B, 7D, 10, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorageOnILockBytes + 8B 76A8B400 50 Bytes [ 3B, F3, 74, 34, 8D, 46, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorageOnILockBytes + BE 76A8B433 29 Bytes [ 15, 60, 12, 99, 76, 57, FF, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorageOnILockBytes + DC 76A8B451 141 Bytes [ EC, 66, 8B, 45, 08, 66, 3D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorageOnILockBytes + 16A 76A8B4DF 21 Bytes [ 53, 8B, F0, FF, 15, C4, 14, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenStorageOnILockBytes + 181 76A8B4F6 75 Bytes [ 6A, 42, FF, 15, B4, 13, 99, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgIsStorageILockBytes + 10 76A8B6DA 16 Bytes [ F4, 53, FF, 15, C4, 14, 99, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgIsStorageILockBytes + 21 76A8B6EB 29 Bytes [ 15, D8, 11, 99, 76, 39, 5D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgIsStorageILockBytes + 3F 76A8B709 81 Bytes [ 75, F8, FF, 15, B0, 13, 99, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgIsStorageILockBytes + 91 76A8B75B 101 Bytes [ 75, 05, 6A, 0C, 58, EB, 02, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgIsStorageILockBytes + F7 76A8B7C1 159 Bytes [ 68, 10, 27, 00, 00, 6A, 5A, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropVariantChangeType + 7A 76A92DA1 1 Byte [ 0C ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropVariantChangeType + 7C 76A92DA3 193 Bytes CALL 769E1F0B C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropStgNameToFmtId + 18 76A92E65 28 Bytes CALL 76A92A29 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropStgNameToFmtId + 37 76A92E84 46 Bytes [ 8D, 45, EC, 50, 8D, 45, DC, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreatePropStg + A 76A92EB3 14 Bytes CALL 76A9257B C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreatePropStg + 19 76A92EC2 94 Bytes [ 75, FC, FF, 15, 70, 7D, AB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreatePropStg + 78 76A92F21 64 Bytes [ 73, 83, EE, 16, 74, 2D, 4E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreatePropStg + B9 76A92F62 32 Bytes CALL 769A3064 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreatePropStg + DA 76A92F83 16 Bytes JMP 6AA1BA8A .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenPropStg + 3 76A9302D 36 Bytes [ 20, 74, 0F, 8B, 45, 1C, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenPropStg + 28 76A93052 61 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenPropStg + 66 76A93090 752 Bytes [ 75, 18, FF, 75, 14, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreatePropSetStg + 1F5 76A93381 32 Bytes [ 50, FF, 75, F8, 56, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreatePropSetStg + 216 76A933A2 2 Bytes [ FF, 55 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgCreatePropSetStg + 219 76A933A5 180 Bytes [ EC, 51, 51, 8B, 4D, 0C, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropSysFreeString + 7A 76A9345A 16 Bytes [ 0A, BF, 0A, 00, 02, 80, E9, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropSysFreeString + 8B 76A9346B 105 Bytes JMP 76A935DD C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropSysFreeString + F5 76A934D5 6 Bytes [ 84, 9F, 00, 00, 00, 48 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropSysFreeString + FC 76A934DC 11 Bytes [ 6B, 48, 74, 12, 48, 48, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropSysFreeString + 108 76A934E8 8 Bytes [ 48, 74, 34, 48, 0F, 85, CC, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropVariantCopy + 9 76A93613 2 Bytes [ 01, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropVariantCopy + C 76A93616 36 Bytes [ 83, F9, 1E, 0F, 8D, 6A, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropVariantCopy + 32 76A9363C 96 Bytes [ 00, 49, 0F, 84, 98, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropVariantCopy + 93 76A9369D 9 Bytes [ 00, 72, 09, 83, F8, FF, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!PropVariantCopy + 9D 76A936A7 36 Bytes [ 00, 00, 8B, 4D, 08, 89, 41, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgConvertVariantToProperty + 11 76A950BB 82 Bytes JMP 76A9532D C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgPropertyLengthAsVariant + 1F 76A9510E 88 Bytes [ 0F, 8C, 1B, 02, 00, 00, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgConvertPropertyToVariant + 40 76A95167 25 Bytes [ 8A, 45, 20, 88, 45, DB, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgConvertPropertyToVariant + 5A 76A95181 18 Bytes [ 10, 99, 76, 59, 40, 89, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgConvertPropertyToVariant + 6D 76A95194 10 Bytes [ 06, 00, 00, 8A, 45, 20, 88, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgConvertPropertyToVariant + 78 76A9519F 7 Bytes [ 5F, 8D, 46, 08, E9, 12, 02 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgConvertPropertyToVariant + 80 76A951A7 23 Bytes [ 00, BA, 08, 20, 00, 00, 3B, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgGetIFillLockBytesOnILockBytes + 52 76A9F8CB 93 Bytes [ 01, 75, 1C, 8B, 45, 14, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgGetIFillLockBytesOnILockBytes + B0 76A9F929 117 Bytes [ 45, 14, FF, 70, 0C, EB, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenAsyncDocfileOnIFillLockBytes + 5F 76A9F99F 29 Bytes [ 8D, 4D, DC, 51, 50, 8B, CB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenAsyncDocfileOnIFillLockBytes + 7D 76A9F9BD 61 Bytes [ 08, 89, 45, D4, 73, 24, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenAsyncDocfileOnIFillLockBytes + BB 76A9F9FB 80 Bytes [ 45, EC, 89, 45, E4, C7, 47, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenAsyncDocfileOnIFillLockBytes + 10C 76A9FA4C 67 Bytes [ 8B, 4D, DC, F7, D9, 89, 48, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgOpenAsyncDocfileOnIFillLockBytes + 150 76A9FA90 58 Bytes [ 00, 83, F8, 42, 74, 43, 83, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgGetIFillLockBytesOnFile + D 76A9FAFA 19 Bytes [ 0F, 84, 82, 01, 00, 00, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgGetIFillLockBytesOnFile + 22 76A9FB0F 17 Bytes CALL 769A3066 C:\WINDOWS\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgGetIFillLockBytesOnFile + 34 76A9FB21 104 Bytes [ 16, C7, 06, 9A, 00, 00, C0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgGetIFillLockBytesOnFile + 9D 76A9FB8A 16 Bytes [ 07, 83, F8, FF, 0F, 84, D5, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] ole32.dll!StgGetIFillLockBytesOnFile + AE 76A9FB9B 5 Bytes [ CB, E8, 8A, 8D, F1 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + FFFEF0D0 71A111D5 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + FFFEF0E3 71A111E8 46 Bytes [ 2E, 74, 65, 78, 74, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + FFFEF113 71A11218 15 Bytes [ EC, 08, 00, 00, 00, 40, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + FFFEF125 71A1122A 39 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + FFFEF14D 71A11252 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressW + 25 71A12843 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressW + 3A 71A12858 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressW + 51 71A1286F 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressW + 65 71A12883 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetAddrInfoW + B 71A128A4 81 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetAddrInfoW + 5E 71A128F7 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetAddrInfoW + 6B 71A12904 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetAddrInfoW + 83 71A1291C 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetAddrInfoW + 90 71A12929 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getaddrinfo + 1F 71A12A8E 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getaddrinfo + 45 71A12AB4 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getaddrinfo + 4E 71A12ABD 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getaddrinfo + 65 71A12AD4 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getaddrinfo + 74 71A12AE3 4 Bytes [ 00, 00, 00, 00 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!FreeAddrInfoW + 11 71A12B1C 4 Bytes [ 00, 00, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!FreeAddrInfoW + 16 71A12B21 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!FreeAddrInfoW + 2F 71A12B3A 33 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!FreeAddrInfoW + 52 71A12B5D 3 Bytes [ 00, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!FreeAddrInfoW + 56 71A12B61 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!htons + 19 71A12B7F 59 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!htons + 55 71A12BBB 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!htonl + 11 71A12BD1 1 Byte [ 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!htonl + 14 71A12BD4 6 Bytes [ 00, 00, 00, 00, 00, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!htonl + 1C 71A12BDC 1 Byte [ 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!htonl + 1E 71A12BDE 16 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!htonl + 2F 71A12BEF 43 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!inet_addr + 27 71A12C1B 31 Bytes [ 00, 40, 1F, 00, 00, 56, 1F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!inet_addr + 47 71A12C3B 7 Bytes [ 00, ED, 1F, 00, 00, 03, 20 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!inet_addr + 4F 71A12C43 64 Bytes [ 00, 0E, 20, 00, 00, 1C, 20, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!sendto + 1B 71A12C84 11 Bytes [ 43, 21, 00, 00, 64, 21, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!sendto + 27 71A12C90 22 Bytes [ 8E, 21, 00, 00, 97, 21, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!sendto + 3F 71A12CA8 19 Bytes JMP 01000021 .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!sendto + 53 71A12CBC 67 Bytes [ 58, 22, 00, 00, 64, 22, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!sendto + 97 71A12D00 42 Bytes [ 49, 23, 00, 00, 54, 23, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!recvfrom + 1C 71A12D2B 11 Bytes [ 00, 0E, 24, 00, 00, 21, 24, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!recvfrom + 28 71A12D37 43 Bytes [ 00, 48, 24, 00, 00, 5E, 24, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!recvfrom + 54 71A12D63 67 Bytes [ 00, E3, 24, 00, 00, F1, 24, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!recvfrom + 99 71A12DA8 18 Bytes [ A9, 25, 00, 00, AF, 25, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!recvfrom + AC 71A12DBB 36 Bytes [ 00, CA, 25, 00, 00, CF, 25, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!select + 20 71A12DE0 11 Bytes [ 65, 00, 66, 00, 68, 00, 67, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!select + 2C 71A12DEC 11 Bytes [ 64, 00, 6B, 00, 70, 00, 73, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!select + 38 71A12DF8 13 Bytes [ 21, 00, 22, 00, 23, 00, 24, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!select + 46 71A12E06 7 Bytes [ 28, 00, 29, 00, 6E, 00, 2A ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!select + 4E 71A12E0E 23 Bytes [ 2B, 00, 2C, 00, 2D, 00, 2E, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextW + 15 71A12EAE 39 Bytes [ 11, 00, 12, 00, 13, 00, 14, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextW + 3D 71A12ED6 55 Bytes [ 41, 64, 64, 72, 49, 6E, 66, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextW + 75 71A12F0E 9 Bytes [ 57, 53, 41, 41, 63, 63, 65, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextW + 7F 71A12F18 39 Bytes [ 57, 53, 41, 41, 64, 64, 72, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextW + A7 71A12F40 655 Bytes [ 57, 53, 41, 41, 73, 79, 6E, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceEnd + 6A 71A13290 70 Bytes [ 41, 52, 65, 63, 76, 00, 57, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceEnd + B1 71A132D7 87 Bytes [ 00, 57, 53, 41, 53, 65, 6E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginW + 28 71A1332F 78 Bytes [ 65, 74, 53, 65, 72, 76, 69, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginW + 77 71A1337E 41 Bytes [ 57, 53, 41, 53, 74, 72, 69, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginW + A1 71A133A8 29 Bytes [ 57, 53, 41, 57, 61, 69, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginW + BF 71A133C6 192 Bytes [ 65, 74, 50, 6F, 73, 74, 52, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginW + 180 71A13487 21 Bytes [ 57, 53, 43, 57, 72, 69, 74, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASocketW + 15 71A139E0 62 Bytes CALL 71A137C8 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASocketW + 55 71A13A20 25 Bytes [ F6, 85, 54, FF, FF, FF, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASocketW + 6F 71A13A3A 37 Bytes [ 85, C0, 0F, 85, 8B, 74, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASocketW + 95 71A13A60 145 Bytes JMP 11A425FF .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASocketW + 127 71A13AF2 32 Bytes [ 00, 00, 83, 26, 00, 57, E8, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!socket + 2 71A13B93 39 Bytes [ 15, 80, 11, A1, 71, 8B, 37, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!socket + 2A 71A13BBB 97 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!socket + 8C 71A13C1D 54 Bytes [ E4, 51, 8D, 4D, 08, 51, 53, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!socket + C7 71A13C58 126 Bytes [ FF, FF, FF, FF, C3, 99, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!socket + 146 71A13CD7 6 Bytes [ 45, 0C, FF, 75, 14, 89 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!bind + 22 71A13E22 3 Bytes [ 84, 87, 62 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!bind + 27 71A13E27 32 Bytes [ 8B, 7D, 14, 39, 75, E0, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!bind + 48 71A13E48 38 Bytes [ 8B, F0, 85, F6, 0F, 84, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!bind + 70 71A13E70 42 Bytes [ 83, FF, FF, 0F, 84, 4F, 87, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!bind + 9B 71A13E9B 11 Bytes [ 55, 8B, EC, 81, 3D, 28, 40, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!setsockopt + 7 71A13EA8 48 Bytes [ 57, 0F, 84, F9, 5A, 00, 00, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!setsockopt + 38 71A13ED9 15 Bytes [ 75, 14, FF, 15, 00, 11, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!setsockopt + 48 71A13EE9 17 Bytes [ 8B, 7D, 08, 85, FF, 0F, 84, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!setsockopt + 5A 71A13EFB 8 Bytes [ 85, C0, 0F, 84, B8, 83, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!setsockopt + 64 71A13F05 335 Bytes [ 14, 56, FF, 75, 0C, 57, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!inet_ntoa + 114 71A14055 92 Bytes [ EC, 56, 8B, 75, 08, 8D, 46, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!connect + 48 71A140B2 73 Bytes [ 56, 8B, F1, 56, FF, 15, B0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!connect + 92 71A140FC 5 Bytes [ FF, FF, 39, 7D, F8 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!connect + 98 71A14102 42 Bytes [ D8, 75, 03, 89, 5E, 14, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!connect + C3 71A1412D 19 Bytes [ 00, 00, 85, C0, 0F, 85, A0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!connect + D7 71A14141 25 Bytes [ FF, 15, CC, 11, A1, 71, 85, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!send + 53 71A142DD 15 Bytes [ FF, 59, 8B, C6, 5E, 5D, C2, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!send + 63 71A142ED 29 Bytes [ 56, 8B, F1, 8B, 4E, 08, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!send + 81 71A1430B 14 Bytes [ EC, 51, 51, 53, 56, 57, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecv + 2 71A1431A 68 Bytes [ 15, 28, 40, A2, 71, 8B, F0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecv + 47 71A1435F 73 Bytes [ 0F, 84, 0C, 7F, 00, 00, 8B, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecv + 92 71A143AA 2 Bytes [ E2, 7E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecv + 96 71A143AE 8 Bytes [ 83, FE, FF, 74, E4, E9, E5, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecv + 9F 71A143B7 187 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACleanup + 4B 71A14473 2 Bytes [ 01, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACleanup + 4E 71A14476 50 Bytes [ 3B, C3, 89, 45, FC, 74, 20, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAIoctl + 21 71A144AA 195 Bytes [ 39, 5D, FC, 0F, 85, F4, 1A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!__WSAFDIsSet + 2A 71A1456E 32 Bytes [ 8B, 75, 0C, 8B, 4E, 10, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEventSelect + 1C 71A1458F 10 Bytes CALL 71A1221D C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEventSelect + 27 71A1459A 6 Bytes [ 90, 90, 90, 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEventSelect + 2F 71A145A2 27 Bytes [ FF, FF, D0, AC, A1, 71, D9, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEventSelect + 4B 71A145BE 19 Bytes [ 75, 14, FF, 75, 10, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEventSelect + 5F 71A145D2 36 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACreateEvent 71A145F7 4 Bytes [ 90, 90, 90, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACreateEvent + 5 71A145FC 30 Bytes [ 00, FF, 15, A4, 11, A1, 71, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumNetworkEvents + 4 71A1461B 43 Bytes CALL 71A135F4 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumNetworkEvents + 30 71A14647 70 Bytes [ 48, 04, 89, 06, 89, 4E, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACloseEvent + C 71A1468E 32 Bytes CALL 71A13611 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACloseEvent + 2D 71A146AF 2 Bytes [ 2D, DB ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACloseEvent + 31 71A146B3 26 Bytes [ 8B, F1, 83, 65, FC, 00, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockopt + 5 71A146CE 60 Bytes [ 00, 00, 33, C0, 89, 45, E4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockopt + 42 71A1470B 38 Bytes [ 14, 89, 50, 30, 89, 50, 34, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockopt + 6A 71A14733 6 Bytes [ 8B, F0, 56, E8, BB, EE ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockopt + 71 71A1473A 22 Bytes [ FF, 85, C0, 59, 8B, 4D, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockopt + 88 71A14751 31 Bytes [ 00, 00, 5E, 5D, C2, 08, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSANSPIoctl + 27 71A14D2D 11 Bytes [ C0, 0F, 84, 83, 00, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSANSPIoctl + 34 71A14D3A 18 Bytes CALL 71A14BE8 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSANSPIoctl + 47 71A14D4D 23 Bytes [ FF, 85, C0, 59, 74, 4E, 8B, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSANSPIoctl + 5F 71A14D65 1 Byte [ CF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSANSPIoctl + 61 71A14D67 2 Bytes [ 14, FF ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyname + 7C 71A15050 15 Bytes [ 09, 5A, 00, 00, 8B, C6, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyname + 8C 71A15060 4 Bytes [ FF, C9, C2, 04 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyname + 91 71A15065 11 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyname + 9D 71A15071 4 Bytes [ 18, 57, 8D, 45 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyname + A2 71A15076 82 Bytes [ 50, 8D, 45, EC, 50, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostname + 1 71A150C9 239 Bytes CALL 71A13B24 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostname + F2 71A151BA 4 Bytes CALL 71A151E4 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostname + F8 71A151C0 16 Bytes JMP 71A13AD2 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostname + 109 71A151D1 54 Bytes JMP 71A13A8C C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostname + 140 71A15208 46 Bytes [ D8, 85, DB, 74, 15, 57, E8, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginA + BE 71A15368 14 Bytes [ 75, 18, FF, 75, 14, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginA + CD 71A15377 62 Bytes [ 50, 54, 8B, CE, 8B, F8, E8, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginA + 10C 71A153B6 83 Bytes JMP 71A170F2 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginA + 160 71A1540A 15 Bytes [ 75, FC, FF, 15, A4, 11, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceBeginA + 170 71A1541A 15 Bytes [ C7, 45, FC, 36, 27, 00, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextA + D 71A1571B 4 Bytes [ FF, 0F, 85, 45 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextA + 12 71A15720 6 Bytes [ 00, 00, BB, FF, FF, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextA + 19 71A15727 40 Bytes [ 39, 5D, 0C, 75, 0D, 81, 7D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextA + 42 71A15750 15 Bytes [ 00, 8B, 41, 0C, 39, 5D, 0C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSALookupServiceNextA + 52 71A15760 3 Bytes [ 75, 4E, C7 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!recv + 40 71A1619A 184 Bytes [ 8B, B5, B4, FE, FF, FF, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASend + 21 71A16254 28 Bytes [ 00, 85, C0, 75, 42, 56, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASend + 3E 71A16271 1 Byte [ 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASend + 41 71A16274 23 Bytes [ 38, 85, C0, 89, 45, F8, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASend + 5A 71A1628D 4 Bytes CALL 71A14225 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASend + 5F 71A16292 18 Bytes [ FF, 85, FF, 0F, 85, 6F, 55, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringW + 67 71A16319 5 Bytes [ 8B, F8, FF, 75, FC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringW + 6D 71A1631F 2 Bytes [ 4B, C0 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringW + 71 71A16323 176 Bytes [ 59, 3B, FB, 5B, 0F, 85, F4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringW + 122 71A163D4 9 Bytes [ 44, 8B, 46, 28, 85, C0, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringW + 12C 71A163DE 40 Bytes [ 00, 00, 85, DB, 8B, 45, F8, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStartup + 6C 71A166B9 13 Bytes [ 00, 33, FF, 53, 57, 6A, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStartup + 7A 71A166C7 44 Bytes [ FF, 15, BC, 11, A1, 71, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStartup + A7 71A166F4 50 Bytes [ 75, C6, 8B, C7, 5F, 5E, 5B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStartup + DA 71A16727 216 Bytes [ 00, 8B, 03, 85, C0, 74, 12, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStartup + 1B3 71A16800 42 Bytes [ 85, C0, 89, 45, FC, 74, 7B, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnumProtocols + 1A 71A1777B 4 Bytes [ FF, 5B, BA, A1 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnumProtocols + 1F 71A17780 99 Bytes [ 64, BA, A1, 71, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnumProtocols + 83 71A177E4 45 Bytes [ 47, 65, 74, 41, 64, 64, 72, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnumProtocols + B3 71A17814 71 Bytes [ 57, 53, 43, 57, 72, 69, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnumProtocols + FB 71A1785C 29 Bytes [ 57, 50, 55, 43, 6F, 6D, 70, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsW + 47 71A184D3 17 Bytes [ FF, 50, 52, FF, 15, 2C, 11, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsW + 59 71A184E5 22 Bytes [ 85, E0, FE, FF, FF, 50, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsW + 70 71A184FC 60 Bytes [ 68, 8C, 76, A1, 71, 50, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsW + AD 71A18539 107 Bytes [ D0, 89, 85, D8, FC, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsW + 119 71A185A5 130 Bytes [ 00, 39, 43, 30, 0F, 84, 87, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASocketA + 92 71A187FB 155 Bytes [ B1, 2E, 00, 00, 3B, F7, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAProviderConfigChange + 78 71A18897 10 Bytes JMP 71A18037 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAProviderConfigChange + 84 71A188A3 64 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!listen + 11 71A188E4 18 Bytes [ FF, 15, D0, 10, A1, 71, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!listen + 24 71A188F7 38 Bytes CALL 71A18925 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!listen + 4B 71A1891E 74 Bytes [ C9, C2, 08, 00, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!listen + 96 71A18969 51 Bytes [ FF, 8B, D8, 3B, DE, 59, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!listen + CA 71A1899D 5 Bytes [ 75, 08, E8, 62, F6 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCGetProviderPath + 35 71A18A5C 22 Bytes [ FF, FF, 35, 20, 40, A2, 71, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCGetProviderPath + 4D 71A18A74 1 Byte [ 8D ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCGetProviderPath + 4F 71A18A76 21 Bytes CALL 71A1A376 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCGetProviderPath + 65 71A18A8C 28 Bytes [ FF, 56, 57, 6A, 3C, E8, 60, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCGetProviderPath + 82 71A18AA9 35 Bytes CALL 71A18AD8 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressA + E 71A190E6 1 Byte [ EC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressA + 10 71A190E8 45 Bytes [ 56, FF, 15, D0, 10, A1, 71, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressA + 3E 71A19116 78 Bytes [ 02, 8B, C6, 8B, 4D, FC, 5F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressA + 8D 71A19165 27 Bytes [ FF, 51, 68, 98, 7D, A1, 71, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAStringToAddressA + A9 71A19181 46 Bytes [ 8D, 85, F8, FE, FF, FF, 50, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringA + B 71A19201 105 Bytes [ 50, 68, 74, 83, A1, 71, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringA + 76 71A1926C 19 Bytes [ 8D, 4E, 24, 89, 8D, EC, FE, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringA + 8A 71A19280 55 Bytes [ 00, 00, 39, 5D, 0C, 6A, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringA + C2 71A192B8 15 Bytes [ B5, F4, FE, FF, FF, E8, 44, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAddressToStringA + D4 71A192CA 23 Bytes [ 39, 5D, 0C, 57, 0F, 84, 77, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAResetEvent + 2 71A194A1 15 Bytes [ 15, 28, 40, A2, 71, 33, F6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetEvent + 1 71A194B1 80 Bytes [ 45, 08, 89, 45, C4, 8B, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetLastError + 26 71A19502 54 Bytes [ FC, 01, 00, 00, 00, 8B, 4D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockname + 1C 71A1953A 11 Bytes [ FF, FF, 0C, A6, A1, 71, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockname + 28 71A19546 10 Bytes [ FF, FF, 1C, A6, A1, 71, 25, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockname + 33 71A19551 17 Bytes [ 47, 10, 04, 75, 40, 83, 7F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockname + 45 71A19563 62 Bytes [ FF, 81, 46, 0C, 74, 02, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getsockname + 84 71A195A2 3 Bytes [ C2, 08, 00 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!closesocket + 1B 71A19654 18 Bytes JMP 71A14F8A C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!closesocket + 2E 71A19667 42 Bytes [ 35, 20, 40, A2, 71, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!closesocket + 59 71A19692 62 Bytes [ 00, 83, 65, FC, 00, E9, A9, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!closesocket + 9A 71A196D3 112 Bytes [ 0F, 84, E6, B7, FF, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!closesocket + 10B 71A19744 87 Bytes [ F8, 7B, 27, 00, 00, E9, 9B, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAHtonl + 26 71A1BCEF 21 Bytes [ 83, 4D, FC, FF, 89, 5F, 40, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAHtonl + 3C 71A1BD05 147 Bytes [ 3B, C3, 89, 45, FC, 75, 1A, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAHtonl + D0 71A1BD99 35 Bytes [ FF, 8B, 0F, 8B, 01, 89, 07, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAHtons + C 71A1BDBD 25 Bytes [ 75, 0C, FF, 15, A4, 11, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAHtons + 26 71A1BDD7 7 Bytes [ 8D, 7E, 0C, EB, 1C, 8B, 0F ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAHtons + 2E 71A1BDDF 13 Bytes [ 01, 89, 07, 51, 89, 4D, F8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAHtons + 3C 71A1BDED 21 Bytes [ FF, 8B, 4D, F8, 6A, 01, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAHtons + 52 71A1BE03 109 Bytes [ 66, 14, 00, 0D, 00, 10, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetNameInfoW + 4E 71A1C53A 12 Bytes [ 68, 47, 27, 00, 00, EB, 58, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetNameInfoW + 5C 71A1C548 23 Bytes [ 8B, 52, 24, 89, 55, C8, 83, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetNameInfoW + 74 71A1C560 26 Bytes [ FF, 90, 90, 90, 90, 90, 33, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetNameInfoW + 8F 71A1C57B 63 Bytes [ 04, 24, 1E, 27, 00, 00, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!GetNameInfoW + CF 71A1C5BB 12 Bytes [ 4F, 04, 89, 4D, DC, 89, 45, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getnameinfo + 4E 71A1C6BF 46 Bytes [ 11, A1, 71, 83, C8, FF, E9, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getnameinfo + 7D 71A1C6EE 3 Bytes [ 83, 65, FC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getnameinfo + 81 71A1C6F2 25 Bytes JMP 71A1725F C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getnameinfo + 9C 71A1C70D 15 Bytes [ FF, 75, FC, FF, 15, A4, 11, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getnameinfo + AD 71A1C71E 24 Bytes [ C7, 45, FC, 7B, 27, 00, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACancelBlockingCall + 49 71A1D43B 3 Bytes [ C2, 18, 00 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAIsBlocking 71A1D441 127 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetBlockingHook + 2D 71A1D4C1 15 Bytes [ 15, B4, 11, A1, 71, 8B, F8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetBlockingHook + 3D 71A1D4D1 8 Bytes [ 8B, C7, 8B, 4D, FC, 5F, 5E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetBlockingHook + 46 71A1D4DA 2 Bytes [ 61, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetBlockingHook + 49 71A1D4DD 9 Bytes [ C9, C2, 10, 00, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetBlockingHook + 53 71A1D4E7 4 Bytes [ 90, 90, 90, 90 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAUnhookBlockingHook + 1B 71A1D50B 37 Bytes [ 10, 53, 56, 8B, 75, 08, 89, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAUnhookBlockingHook + 41 71A1D531 8 Bytes [ FF, 00, EB, 13, E8, 47, 61, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAUnhookBlockingHook + 4A 71A1D53A 50 Bytes [ 85, C0, 89, 85, 78, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAUnhookBlockingHook + 7D 71A1D56D 28 Bytes [ FF, FF, 1C, 00, 00, 00, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAUnhookBlockingHook + 9A 71A1D58A 19 Bytes [ 95, 74, FF, FF, FF, 39, 55, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSADuplicateSocketA + 19 71A1DB9B 58 Bytes [ 4E, 01, 8B, C1, 8B, F7, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSADuplicateSocketA + 54 71A1DBD6 29 Bytes [ 24, 81, 00, EB, F0, 90, 90, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSADuplicateSocketA + 72 71A1DBF4 276 Bytes [ 8B, 55, 08, 8B, C8, 33, C0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsA + C2 71A1DD09 95 Bytes [ 45, F8, 76, 6E, 8B, 4D, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsA + 122 71A1DD69 365 Bytes [ 45, F8, 8D, 04, 13, 89, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsA + 290 71A1DED7 53 Bytes [ 4A, 04, 83, 24, 81, 00, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsA + 2C6 71A1DF0D 29 Bytes [ 83, 25, 80, 48, A2, 71, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumProtocolsA + 2E4 71A1DF2B 144 Bytes [ 75, 20, FF, 75, 1C, FF, 75, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobynumber + 59 71A1E10D 1 Byte [ 57 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobynumber + 5C 71A1E110 1 Byte [ CC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobynumber + 60 71A1E114 24 Bytes [ 0F, B7, F6, 0F, B7, C3, C1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobynumber + 79 71A1E12D 29 Bytes [ 85, C0, 74, 0C, 56, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobynumber + 97 71A1E14B 135 Bytes [ 55, 8B, EC, 53, 56, 57, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobyname + 5D 71A1E1D3 22 Bytes [ 76, 14, FF, 76, 10, 50, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobyname + 74 71A1E1EA 37 Bytes [ 76, 18, FF, 76, 14, FF, 76, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobyname + 9A 71A1E210 11 Bytes [ 76, 10, 50, FF, 76, 08, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobyname + A6 71A1E21C 53 Bytes [ 25, D4, 48, A2, 71, 00, 56, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getprotobyname + DC 71A1E252 24 Bytes [ 39, 3F, 75, ED, 53, FF, 15, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetProtoByNumber + C 71A1E2B7 36 Bytes [ A2, 71, 0F, 85, F1, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetProtoByNumber + 31 71A1E2DC 70 Bytes [ 00, 00, 57, 57, 57, 89, 35, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetProtoByNumber + 78 71A1E323 286 Bytes [ 15, 68, 11, A1, 71, 3B, C7, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSACancelAsyncRequest + 113 71A1E442 82 Bytes [ FF, 55, 8B, EC, 51, 81, 3D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyaddr + 1C 71A1E495 43 Bytes [ FF, 55, 8B, EC, 51, 51, 8D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyaddr + 48 71A1E4C1 111 Bytes [ 75, 08, FF, 15, 58, 11, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyaddr + B8 71A1E531 10 Bytes [ C9, C3, 90, 90, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyaddr + C3 71A1E53C 75 Bytes [ EC, 56, 8B, 75, 08, 57, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!gethostbyaddr + 10F 71A1E588 1 Byte [ 55 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getservbyport + 2 71A1E59F 1 Byte [ 59 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getservbyport + 4 71A1E5A1 5 Bytes [ C6, 5E, 5D, C2, 04 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getservbyport + A 71A1E5A7 34 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getservbyport + 2D 71A1E5CA 54 Bytes [ 76, 0C, FF, 76, 14, E8, 0D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getservbyport + 65 71A1E602 118 Bytes [ 75, 67, 57, FF, 75, F8, E8, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getservbyname + 134 71A1E81F 126 Bytes [ 55, 8B, EC, 83, EC, 1C, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetServByName + 4F 71A1E89E 141 Bytes [ FF, C9, C2, 08, 00, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetServByPort + 31 71A1E92C 30 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetServByPort + 50 71A1E94B 46 Bytes [ FF, 55, 8B, EC, 56, 33, F6, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetServByPort + 7F 71A1E97A 41 Bytes [ FF, 55, 8B, EC, 51, 56, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetHostByName + 1F 71A1E9A4 46 Bytes [ 55, 8B, EC, 51, 56, 8B, F1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetHostByName + 4E 71A1E9D3 44 Bytes [ 00, 00, 33, C0, 5E, C9, C3, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetHostByName + 7B 71A1EA00 39 Bytes [ F8, 89, 7D, E4, 3B, FE, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetHostByAddr 71A1EA2B 192 Bytes CALL BF25E963 .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetProtoByName + 17 71A1EAEC 45 Bytes [ 33, C0, C3, 90, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetProtoByName + 45 71A1EB1A 82 Bytes [ FF, 85, C0, 89, 45, FC, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetProtoByName + 98 71A1EB6D 20 Bytes [ 75, FC, FF, 15, A4, 11, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetProtoByName + AD 71A1EB82 140 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncGetProtoByName + 13A 71A1EC0F 18 Bytes [ A3, 94, FF, FF, 8B, F8, 85, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnableNSProvider + 2D 71A1EE6E 5 Bytes [ 8D, 85, F8, FE, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnableNSProvider + 33 71A1EE74 86 Bytes [ 50, FF, 15, 14, 11, A1, 71, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnableNSProvider + 8A 71A1EECB 78 Bytes [ 75, F8, 8B, C8, C1, E9, 02, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnableNSProvider + D9 71A1EF1A 16 Bytes [ 15, 34, 10, A1, 71, 59, 59, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCEnableNSProvider + EA 71A1EF2B 101 Bytes [ FF, C9, C2, 04, 00, 72, 74, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteNameSpaceOrder + 19 71A1F01A 204 Bytes [ FF, 8B, F8, 85, FF, 74, BA, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteNameSpaceOrder + E6 71A1F0E7 2 Bytes [ D6, B3 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteNameSpaceOrder + EA 71A1F0EB 35 Bytes [ 85, C0, 74, 0B, 50, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteNameSpaceOrder + 10E 71A1F10F 29 Bytes [ 15, A4, 11, A1, 71, 33, C0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteNameSpaceOrder + 12D 71A1F12E 43 Bytes [ FF, 15, A4, 11, A1, 71, 33, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallNameSpace + 25 71A1F15A 1 Byte [ 59 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallNameSpace + 27 71A1F15C 59 Bytes [ 0B, 68, FC, 2A, 00, 00, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallNameSpace + 63 71A1F198 42 Bytes [ 35, 20, 40, A2, 71, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallNameSpace + 8E 71A1F1C3 31 Bytes [ 07, 68, 26, 27, 00, 00, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallNameSpace + AE 71A1F1E3 6 Bytes [ 8B, F8, 89, 7D, E0, 85 ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUnInstallNameSpace + 72 71A1F373 68 Bytes [ 55, 8B, EC, 56, 57, 8B, 7D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUnInstallNameSpace + B7 71A1F3B8 5 Bytes [ 25, 78, 3A, 00, 90 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUnInstallNameSpace + C0 71A1F3C1 120 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUnInstallNameSpace + 139 71A1F43A 7 Bytes [ 06, 59, 59, 66, 89, 43, 3E ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUnInstallNameSpace + 141 71A1F442 11 Bytes [ 7B, 38, 85, FF, 74, 15, 8B, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetQOSByName + 4E 71A1F4A6 11 Bytes [ 35, 20, 40, A2, 71, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetQOSByName + 5A 71A1F4B2 119 Bytes [ C0, 89, 85, B8, FD, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetQOSByName + D2 71A1F52A 97 Bytes [ 00, 8D, 85, BC, FD, FF, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetQOSByName + 135 71A1F58D 19 Bytes CALL 71A1369B C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetQOSByName + 149 71A1F5A1 40 Bytes [ EC, 81, EC, 48, 01, 00, 00, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvDisconnect + 28 71A1F5FE 6 Bytes [ FF, 8D, 85, C0, FE, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvDisconnect + 2F 71A1F605 5 Bytes [ 89, 85, BC, FE, FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvDisconnect + 35 71A1F60B 7 Bytes [ 75, 05, BF, 4C, BC, A1, 71 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvDisconnect + 3D 71A1F613 25 Bytes [ C7, 8D, 50, 01, 8A, 08, 40, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvDisconnect + 57 71A1F62D 2 Bytes [ F6, 59 ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvFrom + 4E 71A1F6A0 17 Bytes CALL 71A1F40F C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvFrom + 60 71A1F6B2 5 Bytes [ FF, 8D, 85, C0, FE ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvFrom + 66 71A1F6B8 5 Bytes [ FF, 39, 85, BC, FE ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvFrom + 6C 71A1F6BE 8 Bytes [ FF, 74, 0C, FF, B5, BC, FE, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARecvFrom + 75 71A1F6C7 16 Bytes CALL 71A1236E C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumNameSpaceProvidersA + 22 71A1F9EB 59 Bytes [ 88, 14, 0F, 41, 84, D2, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumNameSpaceProvidersW 71A1FA29 6 Bytes [ 90, 90, 8B, FF, 55, 8B ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumNameSpaceProvidersW + 7 71A1FA30 42 Bytes [ 81, 3D, 28, 40, A2, 71, 48, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumNameSpaceProvidersW + 32 71A1FA5B 16 Bytes CALL 71A1D7AA C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumNameSpaceProvidersW + 43 71A1FA6C 134 Bytes [ 15, A4, 11, A1, 71, 33, C0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAEnumNameSpaceProvidersW + CA 71A1FAF3 84 Bytes [ FF, 85, C0, 74, 03, 50, EB, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAInstallServiceClassW + 3B 71A1FBEC 11 Bytes CALL 71A1FD79 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAInstallServiceClassW + 48 71A1FBF9 228 Bytes [ F8, 75, 22, 3B, FE, 75, E7, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSARemoveServiceClass + 42 71A1FCDE 182 Bytes [ FF, 55, 8B, EC, 51, 83, 65, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdA + E 71A1FD95 27 Bytes [ FC, 8D, 45, EC, 68, 70, 78, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdA + 2A 71A1FDB1 97 Bytes [ 50, 33, F6, 56, 68, 1F, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdA + 8C 71A1FE13 17 Bytes [ 5D, 08, 56, 57, 6A, 04, 59, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdA + 9E 71A1FE25 70 Bytes [ FC, 01, 00, 00, 00, 75, 06, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdA + E7 71A1FE6E 89 Bytes CALL 71A135F4 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdW + 7 71A1FF70 107 Bytes [ 00, EF, A1, 71, 90, 90, 90, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdW + 73 71A1FFDC 22 Bytes [ 00, 83, 4D, FC, FF, 33, C0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdW + 8B 71A1FFF4 38 Bytes [ C7, EF, A1, 71, D0, EF, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdW + B5 71A2001E 14 Bytes [ 59, 89, 7D, FC, 75, 08, 6A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassNameByClassIdW + C4 71A2002D 20 Bytes JMP 65623334 .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoW + 32 71A20173 5 Bytes CALL 71A1FB7B C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoW + 38 71A20179 93 Bytes [ 68, D4, F2, A1, 71, FF, 75, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoW + 96 71A201D7 34 Bytes [ F3, 8D, 7D, D0, A5, A5, A5, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoW + B9 71A201FA 43 Bytes [ 85, F6, 75, 6F, 50, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoW + E5 71A20226 48 Bytes [ 39, 7D, E0, 74, 07, BE, 26, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceW + 45 71A202AE 33 Bytes [ 15, A4, 10, A1, 71, 33, C0, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceW + 67 71A202D0 34 Bytes [ 00, 90, 90, 90, 43, 75, 72, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceW + 8B 71A202F4 39 Bytes [ 58, F2, A1, 71, 61, F2, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceW + B3 71A2031C 6 Bytes [ FF, 89, 45, CC, 85, C0 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceW + BA 71A20323 87 Bytes [ 0A, 68, 7B, 27, 00, 00, E9, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAInstallServiceClassA + 20 71A203C9 70 Bytes [ 00, 83, 4D, FC, FF, 8B, 5D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAInstallServiceClassA + 67 71A20410 25 Bytes [ 15, A4, 11, A1, 71, 83, C8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoA + 2 71A2042A 40 Bytes [ FF, FF, B9, F3, A1, 71, C2, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoA + 2B 71A20453 44 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoA + 58 71A20480 13 Bytes [ 85, C0, 89, 45, FC, 75, 48, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoA + 66 71A2048E 33 Bytes [ FF, 8B, F0, 85, F6, 74, 33, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetServiceClassInfoA + 88 71A204B0 72 Bytes [ FF, 85, FF, 74, 04, 8B, C7, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceA + 3F 71A204F9 34 Bytes [ FF, 8B, CE, 8B, 75, 08, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceA + 62 71A2051C 1 Byte [ 55 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceA + 64 71A2051E 33 Bytes [ EC, 83, EC, 0C, 85, D2, 0F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceA + 86 71A20540 151 Bytes [ C9, 39, 4B, FC, 74, 2E, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASetServiceA + 11E 71A205D8 9 Bytes [ 55, 8B, EC, 51, 81, 3D, 28, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncSelect + 2 71A2097B 81 Bytes [ 8B, 45, E0, 3B, C7, 75, 05, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncSelect + 54 71A209CD 50 Bytes [ EC, 83, EC, 0C, 8D, 45, F4, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAsyncSelect + 87 71A20A00 11 Bytes [ 75, 0C, FF, 75, 08, 6A, 01, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASendDisconnect + 2 71A20A0C 1 Byte [ FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASendDisconnect + 4 71A20A0E 21 Bytes [ F0, 83, FE, FF, 75, 09, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASendDisconnect + 1A 71A20A24 32 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASendDisconnect + 3B 71A20A45 26 Bytes [ 0C, 50, FF, 15, A4, 11, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASendDisconnect + 56 71A20A60 3 Bytes [ 75, 0C, FF ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASendTo + 2A 71A20ABF 92 Bytes [ F6, 75, 13, 8B, 4D, 08, 50, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASendTo + 87 71A20B1C 21 Bytes [ C0, 75, 41, 6A, 0C, E8, D0, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSASendTo + 9D 71A20B32 55 Bytes [ 02, 33, F6, 85, F6, 74, 1C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getpeername + 1A 71A20B6A 13 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getpeername + 28 71A20B78 6 Bytes [ C9, 74, 09, E8, 1E, 93 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getpeername + 2F 71A20B7F 24 Bytes [ FF, 83, 66, 08, 00, 5E, C3, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!getpeername + 48 71A20B98 149 Bytes [ F6, 45, 08, 01, 74, 07, 56, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!shutdown + 50 71A20C2E 111 Bytes [ 07, FF, 75, F8, 8D, 4D, E8, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAConnect + 35 71A20C9E 1 Byte [ 55 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAConnect + 37 71A20CA0 9 Bytes [ EC, 83, EC, 2C, 57, 8D, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAConnect + 41 71A20CAA 1 Byte [ 45 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAConnect + 43 71A20CAC 1 Byte [ 50 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAConnect + 45 71A20CAE 20 Bytes [ 15, 28, 40, A2, 71, 33, FF, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetOverlappedResult + 33 71A20D36 2 Bytes [ 12, FA ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetOverlappedResult + 37 71A20D3A 31 Bytes [ 85, C0, 75, 04, 33, F6, EB, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetOverlappedResult + 57 71A20D5A 36 Bytes CALL 71A20B8A C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetOverlappedResult + 7D 71A20D80 1 Byte [ 04 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAGetOverlappedResult + 84 71A20D87 123 Bytes [ 6A, 54, 68, 58, FF, A1, 71, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAccept + 5A 71A20E03 84 Bytes [ B0, 8D, 55, B0, 89, 50, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAccept + AF 71A20E58 79 Bytes CALL 71A135F3 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAccept + FF 71A20EA8 98 Bytes [ 75, 0C, 6A, FF, FF, 77, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAccept + 162 71A20F0B 53 Bytes [ 4D, E0, EB, 0B, 8B, 01, 89, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAAccept + 198 71A20F41 19 Bytes [ FF, 53, FF, 15, A4, 11, A1, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAJoinLeaf 71A20F58 1 Byte [ FF ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAJoinLeaf + 2 71A20F5A 45 Bytes [ FF, FF, D1, FE, A1, 71, DA, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAJoinLeaf + 31 71A20F89 13 Bytes JMP 71A21118 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAJoinLeaf + 3F 71A20F97 6 Bytes [ 8B, C8, 89, 4D, D8, 89 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSAJoinLeaf + 46 71A20F9E 2 Bytes [ A0, 89 ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!accept + 2 71A2102A 85 Bytes [ 75, 02, 8B, FB, 81, FF, 1E, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!accept + 58 71A21080 74 Bytes [ 73, 04, FF, 75, 0C, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!accept + A3 71A210CB 12 Bytes [ 75, 05, BF, FC, 2A, 00, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!accept + B0 71A210D8 13 Bytes [ 59, EB, 05, BF, 47, 27, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!accept + BE 71A210E6 16 Bytes [ 01, 89, 45, B0, 8D, 55, B0, ... ] .text ... 
.text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUpdateProvider + 52 71A212CB 18 Bytes [ EB, 09, 8B, 47, 14, 89, 45, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUpdateProvider + 65 71A212DE 48 Bytes [ 45, D4, 89, 45, D0, 89, 5D, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUpdateProvider + 96 71A2130F 52 Bytes CALL 71A20AAC C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUpdateProvider + CB 71A21344 1 Byte [ FC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCUpdateProvider + CF 71A21348 92 Bytes CALL 71A20B87 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteProviderOrder + 23 71A2153C 51 Bytes [ 53, 56, 57, 33, FF, 3B, D7, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteProviderOrder + 57 71A21570 25 Bytes [ C6, 10, 3B, D7, 74, 05, 8B, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteProviderOrder + 71 71A2158A 6 Bytes [ FF, FF, 71, 04, 57, 57 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteProviderOrder + 78 71A21591 90 Bytes [ 15, BC, 11, A1, 71, 8D, 74, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCWriteProviderOrder + D3 71A215EC 53 Bytes [ FF, 34, 18, 57, 57, FF, 15, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallProvider + 59 71A216A6 112 Bytes [ 57, 57, 6A, FF, FF, 70, 04, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallProvider + CA 71A21717 18 Bytes [ 45, DC, 8B, 4D, E4, 8D, 4C, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallProvider + DD 71A2172A 35 Bytes [ 75, D4, 6A, 00, 6A, 00, FF, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallProvider + 101 71A2174E 45 Bytes [ 7C, 38, 10, 8B, C1, C1, E9, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCInstallProvider + 12F 71A2177C 55 Bytes JMP 71A216D8 C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation) .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCDeinstallProvider + 3F 71A219F0 194 Bytes [ 36, 27, 00, 00, FF, 75, FC, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCDeinstallProvider + 102 71A21AB3 16 Bytes [ 35, 20, 40, A2, 71, FF, 15, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCDeinstallProvider + 113 71A21AC4 15 Bytes [ 06, 83, 65, FC, 00, EB, 10, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCDeinstallProvider + 123 71A21AD4 32 Bytes [ 85, C0, 89, 45, FC, 75, 5F, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSCDeinstallProvider + 144 71A21AF5 26 Bytes [ 75, 28, FF, 75, 24, FF, 75, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WPUCompleteOverlappedRequest + 35 71A21CDC 38 Bytes [ 10, C7, 45, FC, 7B, 27, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WPUCompleteOverlappedRequest + 5C 71A21D03 23 Bytes [ 8B, FF, 55, 8B, EC, 51, 81, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WPUCompleteOverlappedRequest + 76 71A21D1D 18 Bytes [ 00, 74, 06, 83, 65, FC, 00, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WPUCompleteOverlappedRequest + 89 71A21D30 8 Bytes [ 75, 3F, FF, 75, 08, E8, B9, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WPUCompleteOverlappedRequest + 92 71A21D39 50 Bytes [ FF, 8B, F0, 85, F6, 74, 2A, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSApSetPostRoutine + 5D 71A21F26 49 Bytes [ 48, 08, 8B, 55, 0C, 89, 0A, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSApSetPostRoutine + 8F 71A21F58 121 Bytes [ 8B, FF, 55, 8B, EC, 51, 51, ... 
] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSApSetPostRoutine + 109 71A21FD2 172 Bytes [ 75, 1C, FF, 75, 18, FF, 75, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSApSetPostRoutine + 1B6 71A2207F 21 Bytes [ FF, 8B, F0, 85, F6, 0F, 85, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WSApSetPostRoutine + 1CC 71A22095 22 Bytes [ 8B, F0, 85, F6, 0F, 85, 84, ... ] .text ... .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + A 71A2210F 3 Bytes [ FF, EB, 11 ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + F 71A22114 1 Byte [ FC ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + 12 71A22117 117 Bytes [ F8, FF, 15, B4, 10, A1, 71, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + 88 71A2218D 58 Bytes [ E4, 8B, 5D, 08, 89, 9D, 64, ... ] .text C:\WINDOWS\System32\nvsvc32.exe[468] WS2_32.dll!WEP + C3 71A221C8 75 Bytes [ FF, 3B, 43, 0C, 73, 4B, 69, ... ] .text ... .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtDeleteKey + 4 
7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\PnkBstrA.exe[480] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\PnkBstrA.exe[480] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\PnkBstrA.exe[480] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\Program 
Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtSetInformationFile + 4 
7C92E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[524] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] 
.text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\csrss.exe[748] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\csrss.exe[748] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\csrss.exe[748] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\csrss.exe[748] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\winlogon.exe[772] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\winlogon.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\winlogon.exe[772] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Spyware Doctor\pctsSvc.exe[792] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes [ 67, 96, C3, 83 ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\services.exe[816] 
ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[816] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\services.exe[816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[816] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\services.exe[816] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] 
ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[828] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\lsass.exe[828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[828] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\lsass.exe[828] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\Program 
Files\internet explorer\iexplore.exe[968] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] 
ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[968] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\internet explorer\iexplore.exe[968] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\Program Files\internet explorer\iexplore.exe[968] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\Program Files\internet explorer\iexplore.exe[968] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] 
ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 
25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] 
ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] 
ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text 
C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtWriteFileGather + 4 
7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\svchost.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtRenameKey 7C92E339 3 
Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] ntdll.dll!KiFastSystemCall + 2 7C92EB8D 2 Bytes [ CD, 20 ] .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1384] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 
Bytes [ 1A, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1596] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\Explorer.EXE[1596] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes 
[ 0B, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] ntdll.dll!NtWriteVirtualMemory + 4 
7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[1828] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1900] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1900] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1900] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\spoolsv.exe[1900] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] 
ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 
25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\Documents and Settings\Administrator\桌面\systools\gmer.exe[2056] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes 
[ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\System32\alg.exe[2512] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\alg.exe[2512] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[2512] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\WINDOWS\System32\alg.exe[2512] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\alg.exe[2512] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text 
C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[2632] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[2632] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wscntfy.exe[2632] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\WINDOWS\system32\wscntfy.exe[2632] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\wscntfy.exe[2632] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text 
C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtWriteVirtualMemory 
7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\RTHDCPL.EXE[2804] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\RTHDCPL.EXE[2804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\RTHDCPL.EXE[2804] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\WINDOWS\RTHDCPL.EXE[2804] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\RTHDCPL.EXE[2804] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] 
ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\ALCFDRTM.EXE[2900] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\WINDOWS\ALCFDRTM.EXE[2900] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\ALCFDRTM.EXE[2900] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] 
ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[2984] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\Program 
Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] 
kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[3056] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text 
C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3132] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3132] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[3132] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\WINDOWS\system32\ctfmon.exe[3132] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\ctfmon.exe[3132] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtClose 7C92D586 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtClose + 4 7C92D58A 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateFile 7C92D682 1 Byte [ FF ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateFile + 2 7C92D684 1 Byte [ 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateFile + 4 7C92D686 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateKey 7C92D6D6 3 Bytes [ FF, 25, 1E ] 
.text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateKey + 4 7C92D6DA 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateSection 7C92D793 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtCreateSection + 4 7C92D797 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtDeleteKey 7C92D8A4 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtDeleteKey + 4 7C92D8A8 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtDeleteValueKey 7C92D8CE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtDeleteValueKey + 4 7C92D8D2 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtRenameKey 7C92E339 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtRenameKey + 4 7C92E33D 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtSetInformationFile 7C92E5D9 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtSetInformationFile + 4 7C92E5DD 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtSetValueKey 7C92E7BC 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtSetValueKey + 4 7C92E7C0 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtTerminateProcess 7C92E88E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtTerminateProcess + 4 7C92E892 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtWriteFile 7C92E9F3 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtWriteFile + 4 7C92E9F7 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtWriteFileGather 7C92EA08 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtWriteFileGather + 4 7C92EA0C 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] 
ntdll.dll!NtWriteVirtualMemory 7C92EA32 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[3328] ntdll.dll!NtWriteVirtualMemory + 4 7C92EA36 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[3328] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wuauclt.exe[3328] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\WINDOWS\system32\wuauclt.exe[3328] USER32.dll!SetWindowsHookExW 77D3E621 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\wuauclt.exe[3328] USER32.dll!SetWindowsHookExA 77D402B2 6 Bytes JMP 5F2E0F5A ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6BEAD4] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6BEC1A] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6BEB9C] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6BF748] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6BF61E] sptd.sys IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6D429A] sptd.sys IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B3E5CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B3E5D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B3E5D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B3E5CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B3E5CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B3E5CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone 
Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B3E5D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B3E5D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B3E5CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B3E5D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B3E5D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B3E5CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B3E5D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B3E5CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B3E5D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B3E5CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B3E5CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B3E5D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] 
[B3E5D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B3E5CCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B3E5CE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B3E5D320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B3E5D1C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 8A5631E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{A74506DB-9754-4C0C-AAF1-D5C76A6CCCA3} 8976B1E8 Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\usbohci \Device\USBPDO-0 8A3C11E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5AC1E8 Device \Driver\dmio \Device\DmControl\DmConfig 8A5AC1E8 Device \Driver\dmio \Device\DmControl\DmPnP 8A5AC1E8 Device \Driver\dmio \Device\DmControl\DmInfo 8A5AC1E8 Device \Driver\usbehci \Device\USBPDO-1 8A4491E8 Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5AD1E8 Device \Driver\atapi \Device\Ide\IdePort0 8A5651E8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A5651E8 Device \Driver\atapi \Device\Ide\IdePort1 8A5651E8 Device \Driver\atapi \Device\Ide\IdePort2 8A5651E8 Device \Driver\atapi \Device\Ide\IdePort3 8A5651E8 Device \Driver\atapi \Device\Ide\IdePort4 8A5651E8 Device \Driver\atapi \Device\Ide\IdePort5 8A5651E8 Device \Driver\atapi \Device\Ide\IdePort6 8A5651E8 Device \Driver\atapi \Device\Ide\IdePort7 8A5651E8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8A5651E8 Device \Driver\NetBT 
\Device\NetBt_Wins_Export 8976B1E8 Device \Driver\NetBT \Device\NetbiosSmb 8976B1E8 Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\usbohci \Device\USBFDO-0 8A3C11E8 Device \Driver\usbehci \Device\USBFDO-1 8A4491E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897681E8 Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \FileSystem\MRxSmb \Device\LanmanRedirector 897681E8 Device \Driver\Ftdisk \Device\FtControl 8A5AD1E8 Device \FileSystem\Cdfs \Cdfs 895EF1E8 ---- Threads - GMER 1.0.14 ---- Thread 4:164 8A527950 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x74 0xC5 0x6B 0xB0 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9D 0xE3 0x86 0x88 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x52 0x7E 0xE0 0xC1 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xD2 0xB9 0x06 0x1B ... 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@矏卉s^L?\xe48ec豦\0\0\0\0 1? Reg HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares@pSh\xf322j CSCFlags=0?MaxUses=4294967295?Path=Microsoft Office Document Image Writer,LocalsplOnly?Permissions=0?Remark=Microsoft Office Document Image Writer?Type=1? Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0xE3 0x92 0x92 ... Reg HKLM\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@矏卉s^L?\xe48ec豦\0\0\0\0 1? Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x74 0xC5 0x6B 0xB0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x9D 0xE3 0x86 0x88 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x52 0x7E 0xE0 0xC1 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xD2 0xB9 0x06 0x1B ... Reg HKLM\SYSTEM\ControlSet004\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@矏卉s^L?\xe48ec豦\0\0\0\0 1? Reg HKLM\SYSTEM\ControlSet004\Services\lanmanserver\Shares@pSh\xf322j CSCFlags=0?MaxUses=4294967295?Path=Microsoft Office Document Image Writer,LocalsplOnly?Permissions=0?Remark=Microsoft Office Document Image Writer?Type=1? Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0xE3 0x92 0x92 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@芏?}vr\0\0 "C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur," Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@Kb槔 \0001\0 "C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur," Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@Kb槔 \0002\0 
"C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur," Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@P`? "C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur," Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@躐\n?_\0 "C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur," Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\ac蟃跋\0 "C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur," Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@>e'Y "C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur," Reg 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@?OY "C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani," Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@芏??r\0\0\0 "C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur," Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\?d?[?PNq_柣 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\?d?[?PNq_柣@ {67cf8cbd-e5c0-44f7-9de5-e1d599d626d8} Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\?d?[?PNq_柣@Description ??????????? Windows???????????????????????? Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\?d?[?PNq_柣@Display ??????????? 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\?d?[?PNq_柣@IconPath %SystemRoot%\system32\osuninst.EXE,0 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\\x300c開始\x300d功能表\程式集\Microsoft Office\Microsoft Office 工 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\\x300c開始\x300d功能表\程式集\Microsoft Office\ Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\\x300c開始\x300d功能表\程式集\QuickTime\i Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\\x300c開始\x300d功能表\程式集\iTunes\ Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@0}\16f? 32904 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper@送0}\16f?\0 136 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts@\31jwi? \0(\0T\0r\0u\0e\0T\0y\0p\0e\0)\0 KAIU.TTF Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts@0}\16f? \0&\0 \0送0}\16f? \0(\0T\0r\0u\0e\0T\0y\0p\0e\0)\0\0\0 MINGLIU.TTC Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\Realtek HD Audio Input\呃6R Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\Realtek HD Audio Input\呃6R@LineStates 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\Realtek HD Audio output\;N?? Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Applets\Volume Control\Realtek HD Audio output\;N??@LineStates 0x00 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\ N?+ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\ N?+@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Z? Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Z?@Order 0x08 0x00 0x00 0x00 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\bv Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\bv@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\t??e Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\t??e@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\#P} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\#P}@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\_U悐 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\_U悐@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\?l` Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\?l`@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_\TS命嬁wQ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_\TS命嬁wQ@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_\Zj Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_\Zj@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_\|q}嬁wQ Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_\|q}嬁wQ@Order 0x08 0x00 0x00 0x00 ... 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_\? Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Dl\气(u z_\?@Order 0x08 0x00 0x00 0x00 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GrpConv\MapGroups@J?j4X ??????\??? Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\N譸▏?hV Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\N譸▏?hV@SaveSettings 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\:O ghV﹃t嗿 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\:O ghV﹃t嗿@SaveSettings 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\O(u﹃t嗿 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\O(u﹃t嗿@SaveSettings 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\瓠綈O(u﹃t嗿 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Network\瓠綈O(u﹃t嗿@SaveSettings 1 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\Twain@\20??O\xed91\0\0 C:\WINDOWS\Twain_32\CNQL20\CISDS.DS ---- EOF - GMER 1.0.14 ----