.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077a4f928 5 bytes JMP 00000001742a7589
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001742a6619
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a4fb28 5 bytes JMP 00000001742a6029
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077a4fc20 5 bytes JMP 00000001742a31d9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077a4fc50 5 bytes JMP 00000001742a15f1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077a4fc80 5 bytes JMP 00000001742a1689
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a4fcb0 5 bytes JMP 00000001742a5f91
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a4fdc8 5 bytes JMP 00000001742a74f1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a4fe14 5 bytes JMP 00000001742a30a9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001742a3309
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077a4ff24 5 bytes JMP 00000001742a3271
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a4ffa4 5 bytes JMP 00000001742a7621
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077a4ffec 5 bytes JMP 00000001742a2ee1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a50004 5 bytes JMP 00000001742a2db1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001742a1ed9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001742a2301
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a5079c 5 bytes JMP 00000001742a7459
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077a50814 5 bytes JMP 00000001742a2e49
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a508a4 5 bytes JMP 00000001742a2d19
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a50df4 5 bytes JMP 00000001742a66b1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a6749
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a76b9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a7291
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 00000001742a1da9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6f01
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6ca1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a6581
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a6b71
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 bytes JMP 00000001742a6dd1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901
.text C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[4564] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000775278e2 5 bytes JMP 00000001742a4441
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077527bd3 5 bytes JMP 00000001742a43a9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077528a29 5 bytes JMP 00000001742a5909
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000775298fd 5 bytes JMP 00000001742a63b9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007752b6ed 5 bytes JMP 00000001742a7751
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007752d22e 5 bytes JMP 00000001742a59a1
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007752ee09 5 bytes JMP 00000001742a34d1
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007752ffe6 5 bytes JMP 00000001742a6289
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000775300d9 5 bytes JMP 00000001742a6321
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000775305ba 5 bytes JMP 00000001742a4571
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077530dfb 5 bytes JMP 00000001742a5a39
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000775312a5 5 bytes JMP 00000001742a73c1
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000775320ec 5 bytes JMP 00000001742a5dc9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077533baa 5 bytes JMP 00000001742a7329
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077535f74 5 bytes JMP 00000001742a44d9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077536285 5 bytes JMP 00000001742a4bf9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077537603 5 bytes JMP 00000001742a2be9
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077537aee 5 bytes JMP 00000001742a5d31
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007753835c 5 bytes JMP 00000001742a2b51
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007754ce54 5 bytes JMP 00000001742a5b69
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007754f52b 5 bytes JMP 00000001742a4c91
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007754f588 5 bytes JMP 00000001742a6451
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000775510a0 5 bytes JMP 00000001742a5ad1
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007757fcd6 5 bytes JMP 00000001742a5c01
.text C:\Program Files (x86)\Launch Manager\LMworker.exe[4844] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007757fcfa 5 bytes JMP 00000001742a5c99
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\sechost.dll!ControlService + 1 000007fefd9d642d 11 bytes [B8, 39, 5B, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\sechost.dll!OpenServiceW 000007fefd9d6484 12 bytes [48, B8, F9, 55, 0E, 76, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\sechost.dll!CloseServiceHandle + 1 000007fefd9d6519 11 bytes [B8, 39, 62, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\sechost.dll!OpenServiceA 000007fefd9d6c34 12 bytes [48, B8, 39, 54, 0E, 76, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\sechost.dll!DeleteService + 1 000007fefd9d7ab5 11 bytes [B8, F9, 5C, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExA + 1 000007fefd9d8b01 11 bytes [B8, B9, 57, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\SYSTEM32\sechost.dll!ControlServiceExW + 1 000007fefd9d8c39 11 bytes [B8, 79, 59, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff5013b1 11 bytes [B8, 79, A6, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!closesocket 000007feff5018e0 12 bytes [48, B8, B9, A4, 0E, 76, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff501bd1 11 bytes [B8, F9, A2, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff502201 11 bytes [B8, 39, E0, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff5023c0 12 bytes [48, B8, 39, 8C, 0E, 76, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!connect 000007feff5045c0 12 bytes [48, B8, 79, 67, 0E, 76, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!send + 1 000007feff508001 11 bytes [B8, 39, A1, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff508df0 7 bytes [48, B8, B9, 8F, 0E, 76, 00]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff508df9 3 bytes [00, 50, C3]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff50c090 12 bytes [48, B8, F9, 8D, 0E, 76, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff50de91 11 bytes [B8, 39, D9, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff50df41 11 bytes [B8, 79, DE, 0E, 76, 00, 00, ...]
.text C:\Windows\system32\wbem\wmiprvse.exe[5016] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff52e0f1 11 bytes [B8, B9, DC, 0E, 76, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000765e8f8d 5 bytes JMP 00000001742a1a19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000765ec436 5 bytes JMP 00000001742a3b59
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000765eeca6 5 bytes JMP 00000001742a3601
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000765ef206 5 bytes JMP 00000001742a2399
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000765efa89 5 bytes JMP 00000001742a1e41
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000765efbb7 5 bytes JMP 00000001742a6a41
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000765f1358 5 bytes JMP 00000001742a3ac1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000765f137f 5 bytes JMP 00000001742a3a29
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765f1d29 5 bytes JMP 00000001742a1981
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000765f1e15 5 bytes JMP 00000001742a24c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765f2ab1 5 bytes JMP 00000001742a6159
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000765f2cd9 5 bytes JMP 00000001742a60c1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765f2d17 5 bytes JMP 00000001742a61f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000765f2e7a 5 bytes JMP 00000001742a18e9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000765f3b70 5 bytes JMP 00000001742a2269
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000765f4496 5 bytes JMP 00000001742a2431
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000765f4608 5 bytes JMP 00000001742a3569
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000765f4631 5 bytes JMP 00000001742a2c81
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4588] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000765fc734 5 bytes JMP 00000001742a27c1
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077631b21 11 bytes [B8, 79, BB, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077631c10 12 bytes [48, B8, F9, 39, 0E, 76, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077632b61 8 bytes [B8, 79, D0, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077632b6a 2 bytes [50, C3]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007764db80 12 bytes [48, B8, B9, 2D, 0E, 76, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077650931 11 bytes [B8, B9, E3, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000776852f1 11 bytes [B8, B9, 7A, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077685311 11 bytes [B8, 39, 77, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007769a5e0 12 bytes [48, B8, B9, 81, 0E, 76, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007769a6f0 12 bytes [48, B8, 39, 7E, 0E, 76, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000776bf491 11 bytes [B8, 79, D7, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000776bf691 11 bytes [B8, F9, D3, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000776bf6c1 8 bytes [B8, F9, CC, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000776bf6ca 2 bytes [50, C3]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!CloseHandle + 1 000007fefd731861 11 bytes [B8, 79, 52, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!FreeLibrary + 1 000007fefd732db1 11 bytes [B8, 39, AF, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!GetProcAddress + 1 000007fefd733461 11 bytes [B8, F9, B0, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd738ef0 12 bytes [48, B8, 79, AD, 0E, 76, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!CreateMutexW 000007fefd7394c0 12 bytes [48, B8, B9, 50, 0E, 76, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA + 1 000007fefd73bfd1 11 bytes [B8, B9, AB, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!OpenMutexW + 1 000007fefd742af1 11 bytes [B8, F9, 4E, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory 000007fefd764350 12 bytes [48, B8, B9, 42, 0E, 76, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!DefineDosDeviceW + 1 000007fefd770c11 11 bytes [B8, 79, C9, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 1 000007fefd772871 8 bytes [B8, 39, 23, 0E, 76, 00, 00, ...]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThread + 10 000007fefd77287a 2 bytes [50, C3]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1048] C:\Windows\system32\KERNELBASE.dll!CreateThread + 1 000007fefd7728b1 11 bytes [B8, F9, 40, 0E, 76, 00, 00, ...]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077a4f928 5 bytes JMP 00000001742a7589
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001742a6619
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a4fb28 5 bytes JMP 00000001742a6029
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077a4fc20 5 bytes JMP 00000001742a31d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077a4fc50 5 bytes JMP 00000001742a15f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077a4fc80 5 bytes JMP 00000001742a1689
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a4fcb0 5 bytes JMP 00000001742a5f91
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a4fdc8 5 bytes JMP 00000001742a74f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a4fe14 5 bytes JMP 00000001742a30a9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001742a3309
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077a4ff24 5 bytes JMP 00000001742a3271
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a4ffa4 5 bytes JMP 00000001742a7621
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077a4ffec 5 bytes JMP 00000001742a2ee1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a50004 5 bytes JMP 00000001742a2db1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001742a1ed9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001742a2301
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a5079c 5 bytes JMP 00000001742a7459
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077a50814 5 bytes JMP 00000001742a2e49
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a508a4 5 bytes JMP 00000001742a2d19
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a50df4 5 bytes JMP 00000001742a66b1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a6749
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a76b9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a7291
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 00000001742a1da9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6f01
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6ca1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a6581
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a6b71
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 bytes JMP 00000001742a6dd1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767d3918 5 bytes JMP 00000001742a5ef9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767d3cd3 5 bytes JMP 00000001742a5e61
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!socket 00000000767d3eb8 5 bytes JMP 00000001742a6f99
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767d4406 5 bytes JMP 00000001742a2139
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767d4889 5 bytes JMP 00000001742a5741
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!recv 00000000767d6b0e 5 bytes JMP 00000001742a7161
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!connect 00000000767d6bdd 1 byte JMP 00000001742a41e1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767d6bdf 3 bytes {CALL RBP}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!send 00000000767d6f01 5 bytes JMP 00000001742a20a1
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767d7089 5 bytes JMP 00000001742a71f9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767dcc3f 5 bytes JMP 00000001742a70c9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767dd1ea 5 bytes JMP 00000001742a57d9
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4276] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000767e7673 5 bytes JMP 00000001742a5871
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077a4f928 5 bytes JMP 00000001742a7589
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001742a6619
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a4fb28 5 bytes JMP 00000001742a6029
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077a4fc20 5 bytes JMP 00000001742a31d9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077a4fc50 5 bytes JMP 00000001742a15f1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077a4fc80 5 bytes JMP 00000001742a1689
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a4fcb0 5 bytes JMP 00000001742a5f91
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a4fdc8 5 bytes JMP 00000001742a74f1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a4fe14 5 bytes JMP 00000001742a30a9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001742a3309
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077a4ff24 5 bytes JMP 00000001742a3271
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a4ffa4 5 bytes JMP 00000001742a7621
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077a4ffec 5 bytes JMP 00000001742a2ee1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a50004 5 bytes JMP 00000001742a2db1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001742a1ed9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001742a2301
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a5079c 5 bytes JMP 00000001742a7459
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077a50814 5 bytes JMP 00000001742a2e49
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a508a4 5 bytes JMP 00000001742a2d19
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a50df4 5 bytes JMP 00000001742a66b1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a6749
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a76b9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a7291
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 00000001742a1da9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6f01
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6ca1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a6581
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a6b71
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 bytes JMP 00000001742a6dd1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007643a472 5 bytes JMP 00000001742a7751
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000764427ce 5 bytes JMP 00000001742a1be1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007644e6cf 5 bytes JMP 00000001742a1b49
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007638c9ec 5 bytes JMP 00000001742a3c89
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076392b70 5 bytes JMP 00000001742a3bf1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007639361c 5 bytes JMP 00000001742a40b1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076394965 5 bytes JMP 00000001742a7881
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000763a70c4 5 bytes JMP 00000001742a4311
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000763a70dc 5 bytes JMP 00000001742a3e51
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000763a70f4 5 bytes JMP 00000001742a3ee9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000763c31f4 5 bytes JMP 00000001742a3f81
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000763c3204 5 bytes JMP 00000001742a4019
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000763c3214 5 bytes JMP 00000001742a3d21
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000763c3224 5 bytes JMP 00000001742a3db9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000763c3264 5 bytes JMP 00000001742a4279
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\SHELL32.dll!Shell_NotifyIconW 00000000756c0179 5 bytes JMP 00000001742a4d29
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000767d3918 5 bytes JMP 00000001742a5ef9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!WSASocketW 00000000767d3cd3 5 bytes JMP 00000001742a5e61
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!socket 00000000767d3eb8 5 bytes JMP 00000001742a6f99
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000767d4406 5 bytes JMP 00000001742a2139
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoW 00000000767d4889 5 bytes JMP 00000001742a5741
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!recv 00000000767d6b0e 5 bytes JMP 00000001742a7161
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!connect 00000000767d6bdd 1 byte JMP 00000001742a41e1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!connect + 2 00000000767d6bdf 3 bytes {CALL RBP}
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!send 00000000767d6f01 5 bytes JMP 00000001742a20a1
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!WSARecv 00000000767d7089 5 bytes JMP 00000001742a71f9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000767dcc3f 5 bytes JMP 00000001742a70c9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!GetAddrInfoExW 00000000767dd1ea 5 bytes JMP 00000001742a57d9
.text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[632] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000767e7673 5 bytes JMP 00000001742a5871
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778a1570 6 bytes [48, B8, F0, 12, ED, 01]
.text C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe[5640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess + 8 00000000778a1578 4 bytes [00, 00, 50, C3]
.text C:\Windows\system32\taskhost.exe[5324] C:\Windows\system32\DNSAPI.dll!DnsQuery_UTF8 000007fefcc756e0 12 bytes [48, B8, F9, C5, 0E, 76, 00, ...]
.text C:\Windows\system32\taskhost.exe[5324] C:\Windows\system32\DNSAPI.dll!DnsQuery_W 000007fefcc8010c 12 bytes [48, B8, 39, C4, 0E, 76, 00, ...]
.text C:\Windows\system32\taskhost.exe[5324] C:\Windows\system32\DNSAPI.dll!DnsQuery_A 000007fefcc9daa0 12 bytes [48, B8, 79, C2, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!Process32NextW + 1 0000000077631b21 11 bytes [B8, 79, BB, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!CreateToolhelp32Snapshot 0000000077631c10 12 bytes [48, B8, F9, 39, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!MoveFileExW + 1 0000000077632b61 8 bytes [B8, 79, D0, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!MoveFileExW + 10 0000000077632b6a 2 bytes [50, C3]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007764db80 12 bytes [48, B8, B9, 2D, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!GetStartupInfoA + 1 0000000077650931 11 bytes [B8, 79, E5, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!ReadConsoleInputW + 1 00000000776852f1 11 bytes [B8, B9, 7A, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!ReadConsoleInputA + 1 0000000077685311 11 bytes [B8, 39, 77, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!ReadConsoleW 000000007769a5e0 12 bytes [48, B8, B9, 81, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!ReadConsoleA 000000007769a6f0 12 bytes [48, B8, 39, 7E, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!MoveFileWithProgressW + 1 00000000776bf491 11 bytes [B8, 79, D7, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!MoveFileWithProgressA + 1 00000000776bf691 11 bytes [B8, F9, D3, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!MoveFileExA + 1 00000000776bf6c1 8 bytes [B8, F9, CC, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\kernel32.dll!MoveFileExA + 10 00000000776bf6ca 2 bytes [50, C3]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!WSASend + 1 000007feff5013b1 11 bytes [B8, 79, A6, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!closesocket 000007feff5018e0 12 bytes [48, B8, B9, A4, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!WSASocketW + 1 000007feff501bd1 11 bytes [B8, F9, A2, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!WSARecv + 1 000007feff502201 11 bytes [B8, F9, E1, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!GetAddrInfoW 000007feff5023c0 12 bytes [48, B8, 39, 8C, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!connect 000007feff5045c0 12 bytes [48, B8, 79, 67, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!send + 1 000007feff508001 11 bytes [B8, 39, A1, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!gethostbyname 000007feff508df0 7 bytes [48, B8, B9, 8F, 0E, 76, 00]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!gethostbyname + 9 000007feff508df9 3 bytes [00, 50, C3]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!GetAddrInfoExW 000007feff50c090 12 bytes [48, B8, F9, 8D, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!socket + 1 000007feff50de91 11 bytes [B8, F9, DA, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!recv + 1 000007feff50df41 11 bytes [B8, 39, E0, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\WS2_32.dll!WSAConnect + 1 000007feff52e0f1 11 bytes [B8, 79, DE, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\urlmon.dll!URLDownloadToCacheFileW 000007feff0b2fc0 12 bytes [48, B8, B9, 65, 0E, 76, 00, ...]
.text C:\Users\Maddäs\Downloads\FRST64.exe[1600] C:\Windows\system32\urlmon.dll!URLDownloadToFileW + 1 000007feff0d5891 11 bytes [B8, F9, 63, 0E, 76, 00, 00, ...]
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtReadFile 0000000077a4f8f0 5 bytes JMP 00000001742a6619
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile 0000000077a4f928 5 bytes JMP 00000001742a6ca1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001742a5c99
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000077a4fb28 5 bytes JMP 00000001742a56a9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 0000000077a4fc20 5 bytes JMP 00000001742a31d9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077a4fc50 5 bytes JMP 00000001742a15f1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077a4fc80 5 bytes JMP 00000001742a1689
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a4fcb0 5 bytes JMP 00000001742a5611
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000077a4fdc8 5 bytes JMP 00000001742a6c09
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 0000000077a4fe14 5 bytes JMP 00000001742a30a9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001742a3309
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtQueueApcThread 0000000077a4ff24 5 bytes JMP 00000001742a3271
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000077a4ffa4 5 bytes JMP 00000001742a6d39
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx 0000000077a4ffec 5 bytes JMP 00000001742a2ee1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077a50004 5 bytes JMP 00000001742a2db1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001742a1ed9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001742a2301
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000077a5079c 5 bytes JMP 00000001742a6b71
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess 0000000077a50814 5 bytes JMP 00000001742a2e49
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077a508a4 5 bytes JMP 00000001742a2d19
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077a50df4 5 bytes JMP 00000001742a5d31
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtRaiseHardError 0000000077a51604 5 bytes JMP 00000001742a4ac9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a51920 5 bytes JMP 00000001742a3141
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077a51be4 5 bytes JMP 00000001742a5dc9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSuspendProcess 0000000077a51d54 5 bytes JMP 00000001742a3439
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077a51d70 5 bytes JMP 00000001742a33a1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000077a51d8c 5 bytes JMP 00000001742a6dd1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077a51ee8 5 bytes JMP 00000001742a69a9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!RtlQueryPerformanceCounter 0000000077a688c4 5 bytes JMP 00000001742a1ab1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParametersEx 0000000077a90d3b 5 bytes JMP 00000001742a2009
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!RtlReportException 0000000077ad860f 5 bytes JMP 00000001742a4b61
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\SysWOW64\ntdll.dll!RtlCreateProcessParameters 0000000077ade8ab 5 bytes JMP 00000001742a1f71
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!GetStartupInfoA 00000000755a0e00 5 bytes JMP 00000001742a1da9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000755a1072 5 bytes JMP 00000001742a2a21
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 00000000755a499f 5 bytes JMP 00000001742a25f9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000755b3bbb 5 bytes JMP 00000001742a3011
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressW 00000000755b9aa4 5 bytes JMP 00000001742a6581
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!MoveFileExW 00000000755b9b05 5 bytes JMP 00000001742a6321
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!CreateToolhelp32Snapshot 00000000755c7327 5 bytes JMP 00000001742a2729
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!Process32NextW 00000000755c88da 5 bytes JMP 00000001742a5c01
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!MoveFileExA 00000000755cccb1 5 bytes JMP 00000001742a61f1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!MoveFileWithProgressA 00000000755cccd1 5 bytes JMP 00000001742a6451
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!WinExec 0000000075622ff1 5 bytes JMP 00000001742a28f1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputA 000000007564748b 5 bytes JMP 00000001742a46a1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!ReadConsoleInputW 00000000756474ae 5 bytes JMP 00000001742a47d1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!ReadConsoleA 0000000075647859 5 bytes JMP 00000001742a4901
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\kernel32.dll!ReadConsoleW 00000000756478d2 5 bytes JMP 00000001742a4a31
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetSystemTimeAsFileTime 00000000765e8f8d 5 bytes JMP 00000001742a1a19
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CloseHandle 00000000765ec436 5 bytes JMP 00000001742a3b59
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!WriteProcessMemory 00000000765eeca6 5 bytes JMP 00000001742a3601
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!ExitProcess 00000000765ef206 5 bytes JMP 00000001742a2399
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetStartupInfoW 00000000765efa89 5 bytes JMP 00000001742a1e41
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!DefineDosDeviceW 00000000765efbb7 5 bytes JMP 00000001742a60c1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CreateMutexW 00000000765f1358 5 bytes JMP 00000001742a3ac1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!OpenMutexW 00000000765f137f 5 bytes JMP 00000001742a3a29
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000765f1d29 5 bytes JMP 00000001742a1981
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetProcAddress 00000000765f1e15 5 bytes JMP 00000001742a24c9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000765f2ab1 5 bytes JMP 00000001742a57d9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExA 00000000765f2cd9 5 bytes JMP 00000001742a5741
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000765f2d17 5 bytes JMP 00000001742a5871
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleA 00000000765f2e7a 5 bytes JMP 00000001742a18e9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!SleepEx 00000000765f3b70 5 bytes JMP 00000001742a2269
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!Sleep 00000000765f4496 5 bytes JMP 00000001742a2431
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CreateThread 00000000765f4608 5 bytes JMP 00000001742a3569
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CreateRemoteThread 00000000765f4631 5 bytes JMP 00000001742a2c81
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\KERNELBASE.dll!CreateFileA 00000000765fc734 5 bytes JMP 00000001742a27c1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceW 000000007638c9ec 5 bytes JMP 00000001742a3c89
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!OpenServiceA 0000000076392b70 5 bytes JMP 00000001742a3bf1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!CloseServiceHandle 000000007639361c 5 bytes JMP 00000001742a40b1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 222 0000000076394965 1 byte JMP 00000001742a6e69
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!RegOpenKeyExA + 224 0000000076394967 3 bytes {JMP QWORD [RCX+RSI*8]}
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000763a70c4 5 bytes JMP 00000001742a4311
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ControlService 00000000763a70dc 5 bytes JMP 00000001742a3e51
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!DeleteService 00000000763a70f4 5 bytes JMP 00000001742a3ee9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigA 00000000763c31f4 5 bytes JMP 00000001742a3f81
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ChangeServiceConfigW 00000000763c3204 5 bytes JMP 00000001742a4019
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExA 00000000763c3214 5 bytes JMP 00000001742a3d21
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!ControlServiceExW 00000000763c3224 5 bytes JMP 00000001742a3db9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 00000000763c3264 5 bytes JMP 00000001742a4279
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\msvcrt.dll!_lock + 41 000000007643a472 5 bytes JMP 00000001742a6f01
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\msvcrt.dll!__p__fmode 00000000764427ce 5 bytes JMP 00000001742a1be1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\msvcrt.dll!__p__environ 000000007644e6cf 5 bytes JMP 00000001742a1b49
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!GetMessageW 00000000775278e2 5 bytes JMP 00000001742a4441
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!GetMessageA 0000000077527bd3 5 bytes JMP 00000001742a43a9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000077528a29 5 bytes JMP 00000001742a4f89
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!FindWindowW 00000000775298fd 5 bytes JMP 00000001742a5a39
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize 000000007752b6ed 5 bytes JMP 00000001742a6f99
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007752d22e 5 bytes JMP 00000001742a5021
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007752ee09 5 bytes JMP 00000001742a34d1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!FindWindowA 000000007752ffe6 5 bytes JMP 00000001742a5909
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!FindWindowExA 00000000775300d9 5 bytes JMP 00000001742a59a1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!PeekMessageW 00000000775305ba 5 bytes JMP 00000001742a4571
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!ShowWindow 0000000077530dfb 5 bytes JMP 00000001742a50b9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000775312a5 5 bytes JMP 00000001742a6ad9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWindowTextW 00000000775320ec 5 bytes JMP 00000001742a5449
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000077533baa 5 bytes JMP 00000001742a6a41
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!PeekMessageA 0000000077535f74 5 bytes JMP 00000001742a44d9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000077536285 5 bytes JMP 00000001742a4bf9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077537603 5 bytes JMP 00000001742a2be9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWindowTextA 0000000077537aee 5 bytes JMP 00000001742a53b1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007753835c 5 bytes JMP 00000001742a2b51
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 000000007754ce54 5 bytes JMP 00000001742a51e9
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007754f52b 5 bytes JMP 00000001742a4c91
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!FindWindowExW 000000007754f588 5 bytes JMP 00000001742a5ad1
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamAorW 00000000775510a0 5 bytes JMP 00000001742a5151
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007757fcd6 2 bytes JMP 00000001742a5281
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 3 000000007757fcd9 2 bytes [D2, FC]
.text C:\Users\Maddäs\Downloads\Gmer-19357.exe[6812] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007757fcfa 5 bytes JMP 00000001742a5319
---- Modules - GMER 2.1 ----
Module \SystemRoot\System32\drivers\yeflxetu.sys fffff88000d62000-fffff88000d78000 (90112 bytes)
Module \??\C:\Users\MADDS~1\AppData\Local\Temp\pxdiypob.sys (GMER) fffff88002800000-fffff88002810000 (65536 bytes)
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:1304] 0000000076d27587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:956] 00000000741b8aa6
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:4496] 0000000077a82e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:3040] 0000000077a83e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:5376] 0000000077a83e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2448:2084] 0000000077a83e85
---- Processes - GMER 2.1 ----
Library \\?\C:\Program Files\Common Files\Bitdefender\Bitdefender Threat Scanner\trufos.dll (*** suspicious ***) @ C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [972] (FILE NOT FOUND) 000007fefbaa0000
---- EOF - GMER 2.1 ----