Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

my hijackthis report please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

my hijackthis report please help

Unread postby shamoo » November 22nd, 2008, 5:14 pm

hello all i've done what you suggest to do with disk cleaner and i've only recently re-formatted my pc, but its running really slow, cant play any music and it sticks and even trying to get the internet up takes about 4mins so plaease help me :bounce:
heres the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:26, on 22/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\mondrv411.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\ppcbooster\ppcb_32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Colin\Desktop\SECRUITY\scanner.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: DNSLander - {AEBB9A0D-AEB3-4763-A78A-4C09C526BEFA} - C:\Program Files\DNS Lander\DNSLander.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mondrv411] C:\WINDOWS\mondrv411.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SD6.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 6261 bytes
shamoo
Active Member
 
Posts: 7
Joined: November 22nd, 2008, 5:04 pm
Advertisement
Register to Remove

Re: my hijackthis report please help

Unread postby silver » November 27th, 2008, 12:44 am

Hi shamoo,

Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)

  • Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, two text files will open - log.txt <- this one will be maximized and info.txt <-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply

Once complete, please post both RSIT logs, you won't need to produce a new HijackThis log as RSIT produces one for you.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: my hijackthis report please help

Unread postby shamoo » November 27th, 2008, 6:20 pm

i've had some help from a friend but the computer is still very slow, and the sounds is very stuttery. hers's the info txt:

info.txt logfile of random's system information tool 1.04 2008-11-27 22:12:57

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{2F143483-68D6-4234-9346-724056818193}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x9 UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CX4300_5500_DX4400 manual-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\ENG\USE_G\DOCUNINS.EXE
DVD and CD Cover Print-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
Football Manager 2008-->"C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Realtek AC'97 Audio-->Alcrmv.exe -r -m
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spyware Doctor 3.5-->"C:\Program Files\Spyware Doctor\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------


hers's the log txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Colin at 2008-11-27 22:11:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 152 GB (79%) free of 191 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:45, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Documents and Settings\Colin\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Colin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SD6.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

--
End of file - 6292 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-22 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]
PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2005-12-09 786656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-22 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}]
PCTools Browser Monitor - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll [2005-12-09 847072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-22 2055960]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-22 1234712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Spyware Doctor"=C:\Program Files\Spyware Doctor\swdoctor.exe [2006-01-11 960000]
"EPSON Stylus DX4400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-11-22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-27 22:11:59 ----D---- C:\Program Files\trend micro
2008-11-27 22:11:51 ----D---- C:\rsit
2008-11-26 20:52:35 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-26 20:51:39 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-26 19:16:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-26 19:16:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-26 19:16:59 ----A---- C:\WINDOWS\system32\java.exe
2008-11-26 19:16:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-25 13:38:37 ----SHD---- C:\RECYCLER
2008-11-25 13:28:41 ----D---- C:\WINDOWS\temp
2008-11-25 13:24:16 ----RASHD---- C:\cmdcons
2008-11-25 13:20:00 ----A---- C:\WINDOWS\zip.exe
2008-11-25 13:20:00 ----A---- C:\WINDOWS\VFIND.exe
2008-11-25 13:20:00 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-25 13:20:00 ----A---- C:\WINDOWS\SWSC.exe
2008-11-25 13:20:00 ----A---- C:\WINDOWS\SWREG.exe
2008-11-25 13:20:00 ----A---- C:\WINDOWS\sed.exe
2008-11-25 13:20:00 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-25 13:20:00 ----A---- C:\WINDOWS\grep.exe
2008-11-25 13:20:00 ----A---- C:\WINDOWS\fdsv.exe
2008-11-25 13:19:39 ----D---- C:\WINDOWS\ERDNT
2008-11-25 13:19:39 ----D---- C:\Qoobox
2008-11-23 15:32:26 ----D---- C:\Documents and Settings\Colin\Application Data\Malwarebytes
2008-11-23 15:32:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-23 15:32:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-20 18:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-11-20 17:49:47 ----D---- C:\Program Files\Realtek AC97
2008-11-20 12:21:23 ----HD---- C:\LG3G
2008-11-20 12:21:05 ----D---- C:\Documents and Settings\Colin\Application Data\LG Electronics
2008-11-20 12:19:25 ----D---- C:\Program Files\LG Electronics
2008-11-20 12:16:44 ----D---- C:\Program Files\LG PC Suite 2
2008-11-19 21:04:39 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-19 21:03:54 ----D---- C:\Program Files\Yahoo!
2008-11-19 21:03:41 ----D---- C:\Program Files\CCleaner
2008-11-18 22:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-18 22:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-11-18 22:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-18 22:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-17 15:59:38 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-17 15:59:37 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-17 15:59:13 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-17 15:59:01 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-17 15:57:53 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-17 15:57:09 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-17 15:57:03 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-11-12 21:41:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 21:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 21:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-06 19:40:12 ----D---- C:\ATI
2008-11-06 18:30:01 ----D---- C:\WINDOWS\Sun
2008-11-06 18:30:01 ----D---- C:\Documents and Settings\Colin\Application Data\Sun
2008-11-06 16:40:34 ----D---- C:\Program Files\uTorrent
2008-11-06 16:40:29 ----D---- C:\Documents and Settings\Colin\Application Data\uTorrent
2008-11-06 16:36:02 ----HD---- C:\$AVG8.VAULT$
2008-11-06 16:29:59 ----D---- C:\Program Files\RegCure
2008-10-31 17:04:36 ----D---- C:\Program Files\ffdshow
2008-10-31 17:02:28 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-31 16:40:18 ----D---- C:\Program Files\Java
2008-10-31 16:40:07 ----D---- C:\Program Files\Common Files\Java

======List of files/folders modified in the last 1 months======

2008-11-27 22:11:59 ----RD---- C:\Program Files
2008-11-27 22:11:54 ----D---- C:\WINDOWS\Prefetch
2008-11-27 21:50:09 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 21:26:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-27 21:26:38 ----HD---- C:\WINDOWS\inf
2008-11-27 11:26:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 03:22:59 ----D---- C:\WINDOWS
2008-11-26 22:17:43 ----D---- C:\Documents and Settings\Colin\Application Data\Adobe
2008-11-26 22:17:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-26 21:02:50 ----SHD---- C:\WINDOWS\Installer
2008-11-26 21:02:50 ----D---- C:\WINDOWS\WinSxS
2008-11-26 20:52:49 ----D---- C:\WINDOWS\system32\DirectX
2008-11-26 20:52:48 ----D---- C:\WINDOWS\system32
2008-11-26 20:34:46 ----D---- C:\Program Files\SpeedFan
2008-11-26 20:23:30 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-26 20:23:28 ----RSD---- C:\WINDOWS\assembly
2008-11-26 19:36:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 19:28:03 ----RD---- C:\WINDOWS\Web
2008-11-26 19:27:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-26 19:27:06 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 19:18:54 ----A---- C:\WINDOWS\win.tmp
2008-11-26 19:18:54 ----A---- C:\WINDOWS\win.ini
2008-11-25 15:50:19 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-11-25 13:27:33 ----A---- C:\WINDOWS\system.tmp
2008-11-25 13:27:33 ----A---- C:\WINDOWS\system.ini
2008-11-25 13:26:17 ----D---- C:\WINDOWS\AppPatch
2008-11-25 13:26:17 ----D---- C:\Program Files\Common Files
2008-11-25 13:24:32 ----RASH---- C:\boot.ini
2008-11-22 05:15:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-21 22:44:28 ----D---- C:\Documents and Settings\Colin\Application Data\RipIt4Me
2008-11-20 12:19:25 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-19 21:06:55 ----D---- C:\WINDOWS\Debug
2008-11-19 21:06:54 ----D---- C:\WINDOWS\Minidump
2008-11-17 15:59:28 ----D---- C:\Program Files\Windows Media Player
2008-11-17 15:59:09 ----D---- C:\WINDOWS\Help
2008-11-12 21:40:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-10 17:02:40 ----SD---- C:\Documents and Settings\Colin\Application Data\Microsoft
2008-11-06 16:46:59 ----D---- C:\Program Files\Online Services
2008-11-06 16:36:57 ----D---- C:\Documents and Settings\Colin\Application Data\AVGTOOLBAR
2008-11-06 16:30:05 ----SD---- C:\WINDOWS\Tasks
2008-11-04 00:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-22 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-22 26824]
R1 ikhlayer;Kernel Anti-Spyware Driver; \??\C:\WINDOWS\System32\drivers\ikhlayer.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-22 76040]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-11-22 2829824]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [2006-09-06 168832]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-12-27 12672]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-12-27 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-12-27 21760]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\WINDOWS\TEMP\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-11-22 430080]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-22 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-22 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984]
R2 SDhelper;PC Tools Spyware Doctor; C:\Program Files\Spyware Doctor\sdhelp.exe [2005-12-20 870624]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-22 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

is there anything you can think off thats causing the slowness and sound problems, sometimes the computer beeps, and freezes?
shamoo
Active Member
 
Posts: 7
Joined: November 22nd, 2008, 5:04 pm

Re: my hijackthis report please help

Unread postby silver » November 28th, 2008, 12:56 am

Hi shamoo,

Please open Start->Control Panel->Add/Remove Programs, and remove the following:
J2SE Runtime Environment 5.0 Update 1
Java(TM) 6 Update 7
These are out of date and now a security risk, you already have the latest update (version 6 update 10) - don't remove this one.

------------------------------------------------------------------------

Open Notepad: press Start->Run, type notepad into the box and press OK
Select Format from the top menu and make sure Word Wrap is NOT checked.
Then, copy/paste the contents of the following code box into Notepad:
Code: Select all
@echo off
rd /s /q "C:\Program Files\DNS Lander" >> results.txt 2>>&1
rd /s /q "C:\Program Files\iCheck" >> results.txt 2>>&1
rd /s /q "C:\Program Files\uTorrent" >> results.txt 2>>&1
rd /s /q "C:\Documents and Settings\Colin\Application Data\uTorrent" >> results.txt 2>>&1
rd /s /q "c:\documents and settings\Colin\Incomplete" >> results.txt 2>>&1
rd /s /q "c:\documents and settings\Colin\.limewire" >> results.txt 2>>&1
type C:\WINDOWS\win.tmp >> results.txt 2>>&1
type C:\WINDOWS\system.tmp >> results.txt 2>>&1
sc stop mchInjDrv >> results.txt 2>>&1
sc delete mchInjDrv >> results.txt 2>>&1
ipconfig /all >> results.txt 2>>&1
del %0

Select File and Save as
Save it to your Desktop as "runme.bat" (you MUST type the quotes)
Locate runme.bat on your Desktop and double-click it.
A black box should open and close after a short time, this is normal.
Another text file should appear on your Desktop called results.txt, do not open it until the black box has closed.
Post the contents of this file in your next response.

------------------------------------------------------------------------

Download Gmer to your Desktop from here:
http://www.gmer.net/gmer.zip
  • Unzip the program onto your Desktop (right-click, select Extract All... and follow the prompts)
  • Disconnect from the internet and close all running programs
  • Double click gmer.exe, let the gmer.sys driver load if asked
  • If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say OK
  • If there is no warning, then check that the Rootkit tab is selected and click the Scan button - don't change any settings before you do so
  • Please do not use your computer during the scan
  • Once the scan is complete, click the Copy button
  • Open Notepad (Click Start->Run, type notepad and Enter) and hit Ctrl+V to paste the log and then save the log to your desktop

------------------------------------------------------------------------

Please click this link to open Kaspersky Online Scanner:
http://www.kaspersky.com/kos/eng/partne ... bscan.html

Press on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Click on the Save Report As... button.
  • Change the file type to Text file (*.txt), type a filename such as kaspersky and save it to your Desktop
  • Post the contents of the report in your next response.

------------------------------------------------------------------------

Once complete, please post the results.txt output, the Gmer report, the Kaspersky log and a new HijackThis log.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: my hijackthis report please help

Unread postby shamoo » November 28th, 2008, 12:05 pm

the kaspersky online scanner came back with no findings so there was no report, here are the other 2.

result.txt

The system cannot find the file specified.
The system cannot find the file specified.
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo2
asx=MPEGVideo2
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo2
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo2
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo2
wm=MPEGVideo2
wma=MPEGVideo2
wmv=MPEGVideo2
wmx=MPEGVideo2
wvx=MPEGVideo2
wpl=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
[TRANTOR_SETUP_PROGRAM_LOADED_TEMPORARY_INFO]
INSTANCE=5270
TASK=4183
; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=app850.FON
EGA80WOA.FON=EGA80850.FON
EGA40WOA.FON=EGA40850.FON
CGA80WOA.FON=CGA80850.FON
CGA40WOA.FON=CGA40850.FON
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.




Windows IP Configuration



Host Name . . . . . . . . . . . . : family

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : VIA Compatable Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-19-66-16-94-BB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 194.168.4.100

194.168.8.100

Lease Obtained. . . . . . . . . . : 28 November 2008 13:43:46

Lease Expires . . . . . . . . . . : 29 November 2008 13:43:46
shamoo
Active Member
 
Posts: 7
Joined: November 22nd, 2008, 5:04 pm

Re: my hijackthis report please help

Unread postby shamoo » November 28th, 2008, 12:10 pm

heres the gmer.log part 1

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-28 15:13:39
Windows 5.1.2600 Service Pack 3


---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\csrss.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[616] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection 7C901000 5 Bytes [ 4D, 5A, 90, 00, 03 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection + 7 7C901007 7 Bytes [ 00, 04, 00, 00, 00, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection + F 7C90100F 18 Bytes [ 00, B8, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection + 24 7C901024 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection + 29 7C901029 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection 7C9010E0 28 Bytes [ 50, 45, 00, 00, 4C, 01, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection + 1D 7C9010FD 8 Bytes [ A0, 07, 00, 00, 3A, 03, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection + 28 7C901108 4 Bytes [ 28, 2C, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection + 2D 7C90110D 1 Byte [ 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection + 30 7C901110 19 Bytes [ 00, 60, 07, 00, 00, 00, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + C 7C901124 1 Byte [ 05 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + E 7C901126 10 Bytes [ 01, 00, 04, 00, 0A, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + 19 7C901131 10 Bytes [ F0, 0A, 00, 00, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + 24 7C90113C 3 Bytes [ 03, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + 2A 7C901142 2 Bytes [ 04, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitializeThunk 7C901166 14 Bytes [ 00, 00, 00, 00, 08, 00, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitializeThunk + F 7C901175 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitializeThunk + 2D 7C901193 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + D 7C9011A5 15 Bytes [ 00, 00, 00, 70, F3, 04, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + 1E 7C9011B6 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + 26 7C9011BE 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + 2D 7C9011C5 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + 33 7C9011CB 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + F 7C9011EC 6 Bytes [ 00, 04, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 16 7C9011F3 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 22 7C9011FF 8 Bytes [ 60, 2E, 64, 61, 74, 61, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 2C 7C901209 20 Bytes [ 4A, 00, 00, 00, B0, 07, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCurrentTeb 7C90121E 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCurrentTeb + 6 7C901224 15 Bytes [ 40, 00, 00, C0, 2E, 72, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitString + F 7C901234 20 Bytes [ 00, 00, 08, 00, 00, C0, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitString + 25 7C90124A 18 Bytes [ 00, 00, 40, 00, 00, 40, 2E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitAnsiString 7C90125D 11 Bytes [ C0, 0A, 00, 00, 30, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitAnsiString + F 7C90126C 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitAnsiString + 25 7C901282 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitAnsiString + 2C 7C901289 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeString 7C901295 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeString + F 7C9012A4 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeString + 28 7C9012BD 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeString + 2F 7C9012C4 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsin 7C9012D1 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsin + B 7C9012DC 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsin + 10 7C9012E1 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 9 7C9012EE 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 2D 7C901312 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 33 7C901318 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 38 7C90131D 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 43 7C901328 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsqrt + B 7C90138A 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsqrt + 10 7C90138F 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 9 7C90139C 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 21 7C9013B4 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 25 7C9013B8 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 31 7C9013C4 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 37 7C9013CA 2 Bytes [ 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldiv + 19 7C901454 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldiv + 35 7C901470 110 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldiv + A4 7C9014DF 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm 7C9014E5 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm + 1C 7C901501 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm + 38 7C90151D 140 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm + C5 7C9015AA 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm + D9 7C9015BE 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allmul 7C9015C4 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allmul + 19 7C9015DD 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe 7C9015F8 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe + 2 7C9015FA 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe + 5 7C9015FD 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe + 10 7C901608 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe + 13 7C90160B 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allrem + 18 7C90164D 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allrem + 33 7C901668 123 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allrem + AF 7C9016E4 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allshl 7C9016E9 167 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aulldvrm 7C901791 134 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aulldvrm + 87 7C901818 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aullrem 7C901826 112 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aullrem + 71 7C901897 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aullshr 7C90189B 87 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_memccpy + 14 7C9018F5 76 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + F 7C901943 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + 14 7C901948 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + 21 7C901955 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + 41 7C901975 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + 47 7C90197B 2 Bytes [ 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + 5 7C9019DC 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + C 7C9019E3 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + 10 7C9019E7 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + 34 7C901A0B 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + 41 7C901A18 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + 5 7C901B1D 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + C 7C901B24 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + 10 7C901B28 48 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + 41 7C901B59 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + 44 7C901B5C 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memchr 7C901C60 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memchr + 19 7C901C79 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memchr + 2B 7C901C8B 68 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memchr + 70 7C901CD0 84 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + 20 7C901D27 86 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + 7A 7C901D81 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + 9C 7C901DA3 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + 9E 7C901DA5 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + A2 7C901DA9 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 20 7C901DD3 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 26 7C901DD9 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 39 7C901DEC 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 43 7C901DF6 83 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 97 7C901E4A 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + 7F 7C902174 102 Bytes [ 00, 90, 55, 8B, EC, 56, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + E6 7C9021DB 57 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + 120 7C902215 27 Bytes [ FF, 8B, 44, 24, 04, CC, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + 13E 7C902233 135 Bytes [ 00, 89, 7A, 04, 0B, FF, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + 1C6 7C9022BB 8 Bytes [ 00, 00, 76, 05, B9, FE, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memset + 1B 7C902450 1 Byte [ DA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memset + 1D 7C902452 19 Bytes [ D8, 00, 89, 44, 24, 14, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memset + 31 7C902466 34 Bytes [ 54, 24, 18, F7, D8, F7, DA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memset + 54 7C902489 9 Bytes [ D8, 8B, 44, 24, 10, F7, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcpy + 6 7C902493 75 Bytes [ 41, 8B, D8, 8B, 4C, 24, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + 42 7C9024DF 5 Bytes [ 5B, 5E, 5F, C2, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + 48 7C9024E5 49 Bytes [ 57, 56, 55, 33, FF, 33, ED, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + 7A 7C902517 30 Bytes [ D8, F7, DA, 83, D8, 00, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + 99 7C902536 19 Bytes [ D8, 8B, 44, 24, 10, F7, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + AD 7C90254A 43 Bytes [ 64, 24, 18, 03, D1, EB, 47, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcmp + 7 7C90258A 43 Bytes [ 10, 76, 09, 4E, 2B, 44, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcmp + 33 7C9025B6 24 Bytes [ 07, F7, DA, F7, D8, 83, DA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcmp + 4C 7C9025CF 52 Bytes [ 4C, 24, 0C, 75, 09, 8B, 44, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcmp + 81 7C902604 5 Bytes [ C0, 04, 85, 00, 94 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcspn + 2 7C90260A 30 Bytes [ 00, 50, C3, 51, 8D, 4C, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcspn + 21 7C902629 35 Bytes [ C4, 85, 01, 8B, E1, 8B, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strlen + 8 7C90264D 78 Bytes [ 89, 44, 24, 10, 89, 54, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strlen + 57 7C90269C 1 Byte [ 44 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strlen + 59 7C90269E 19 Bytes [ 0C, D1, EB, D1, D9, D1, EA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strlen + 6D 7C9026B2 42 Bytes [ 18, 91, F7, 64, 24, 14, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 1D 7C9026DD 47 Bytes [ F7, DA, F7, D8, 83, DA, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 4D 7C90270D 30 Bytes [ 80, F9, 20, 73, 06, 0F, AD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 6C 7C90272C 1 Byte [ 44 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 6E 7C90272E 9 Bytes [ 18, 0B, C0, 75, 18, 8B, 4C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 78 7C902738 34 Bytes [ 44, 24, 10, 33, D2, F7, F1, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncmp + 2 7C9027E7 268 Bytes [ 44, 24, 10, F7, E6, 03, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncpy + D8 7C9028F5 169 Bytes [ 8B, 44, 24, 0C, 8B, 74, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strspn + 22 7C90299F 36 Bytes [ EB, DD, D8, DB, 2D, 72, B0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strspn + 48 7C9029C5 2 Bytes [ BA, 0F ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strspn + 4D 7C9029CA 67 Bytes [ 8D, 0D, 50, B0, 97, 7C, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!tan + 40 7C902A0E 205 Bytes [ 66, 0F, FA, D0, 66, 0F, D3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushListSList + C 7C902ADC 8 Bytes [ 00, 00, F0, 3F, 33, 04, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushListSList + 16 7C902AE6 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushListSList + 18 7C902AE8 8 Bytes [ 33, 04, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushListSList + 21 7C902AF1 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstEntrySList 7C902AF8 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstEntrySList + 6 7C902AFE 5 Bytes [ 00, 00, FF, 07, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstEntrySList + C 7C902B04 68 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUlonglongByteSwap + 9 7C902B49 30 Bytes [ 54, 05, 50, 1C, 90, 7C, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareMemory + 15 7C902B68 52 Bytes [ CA, 3D, 32, 04, 00, 00, 7F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareMemory + 4A 7C902B9D 16 Bytes CALL 7C971475 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareMemoryUlong + C 7C902BAF 24 Bytes [ 04, 66, 0F, F3, CA, 66, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareMemoryUlong + 26 7C902BC9 61 Bytes [ 7F, B0, 66, 0F, 54, 05, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 34 7C902C07 9 Bytes [ 04, C3, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 3F 7C902C12 39 Bytes [ 00, 00, 00, 00, F0, 3F, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 67 7C902C3A 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 6B 7C902C3E 2 Bytes [ 30, 43 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 6E 7C902C41 23 Bytes [ 00, 00, 00, 00, 00, 00, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemoryUlong + 16 7C902C59 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemoryUlong + 1D 7C902C60 9 Bytes [ 8B, 44, 24, 0C, 53, 85, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroMemory + 6 7C902C6A 1 Byte [ 54 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroMemory + 8 7C902C6C 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroMemory + A 7C902C6E 44 Bytes [ DB, 8A, 5C, 24, 0C, F7, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + 7 7C902C9B 183 Bytes [ FB, C1, E3, 10, 03, DF, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + BF 7C902D53 60 Bytes [ C3, 8B, C8, 83, E0, 03, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + FC 7C902D90 95 Bytes [ 0F, 3A, D1, 75, E7, 48, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + 15C 7C902DF0 109 Bytes [ C7, BA, 03, 00, 00, 00, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + 1CA 7C902E5E 37 Bytes [ 01, 83, C6, 02, 83, C7, 02, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerShiftRight + 1F 7C9031D9 95 Bytes [ 22, 90, 7C, 1C, 22, 90, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertLongToLargeInteger + 3 7C903239 5 Bytes [ 95, 40, 22, 90, 7C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + 1 7C90323F 11 Bytes [ FF, 50, 22, 90, 7C, 58, 22, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + E 7C90324C 2 Bytes [ 78, 22 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + 11 7C90324F 40 Bytes [ 7C, 8B, 45, 08, 5E, 5F, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + 3A 7C903278 38 Bytes [ 8A, 06, 88, 07, 8A, 46, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + 61 7C90329F 23 Bytes JMP 8072B5A6
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + 52 7C90336C 80 Bytes [ 8C, 23, 90, 7C, 94, 23, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + A3 7C9033BD 10 Bytes [ 44, 8E, 04, 89, 44, 8F, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + AE 7C9033C8 19 Bytes [ 00, 00, 00, 03, F0, 03, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + C2 7C9033DC 27 Bytes [ 90, 90, 90, 90, F0, 23, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + DE 7C9033F8 49 Bytes [ 8A, 46, 03, 88, 47, 03, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtAreMappedFilesTheSame + F 7C90CF6F 20 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCallbackReturn + 4 7C90CF84 98 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCloseObjectAuditAlarm + 7 7C90CFE7 124 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateDirectoryObject + 4 7C90D064 48 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateFile + 5 7C90D095 77 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateMailslotFile + 3 7C90D0E3 27 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateMutant + F 7C90D0FF 117 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateSemaphore + 5 7C90D175 94 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDebugActiveProcess + 4 7C90D1D4 31 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDelayExecution + 4 7C90D1F4 42 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDeleteBootEntry + F 7C90D21F 35 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDeleteObjectAuditAlarm + 3 7C90D243 15 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDeleteValueKey + 3 7C90D253 49 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDuplicateObject + 5 7C90D285 33 Bytes [ 5A, 77, 51, 75, 65, 75, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtEnumerateBootEntries + 7 7C90D2A7 27 Bytes [ 5A, 77, 52, 61, 69, 73, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 3 7C90D2C3 17 Bytes [ 5A, 77, 52, 65, 61, 64, 46, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtEnumerateValueKey + 5 7C90D2D5 17 Bytes [ 5A, 77, 52, 65, 61, 64, 52, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtExtendSection + 7 7C90D2E7 125 Bytes [ 5A, 77, 52, 65, 61, 64, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtFreeUserPhysicalPages + 5 7C90D365 45 Bytes [ 5A, 77, 52, 65, 6D, 6F, 76, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtGetContextThread + 3 7C90D393 11 Bytes [ 5A, 77, 52, 65, 70, 6C, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtGetContextThread + F 7C90D39F 47 Bytes [ 5A, 77, 52, 65, 70, 6C, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtGetWriteWatch + F 7C90D3CF 20 Bytes [ 5A, 77, 52, 65, 70, 6C, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtImpersonateClientOfPort + 4 7C90D3E4 58 Bytes [ 5A, 77, 52, 65, 71, 75, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtInitiatePowerAction + F 7C90D41F 35 Bytes [ 5A, 77, 52, 65, 71, 75, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtListenPort + 3 7C90D443 17 Bytes [ 5A, 77, 52, 65, 73, 65, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtLoadDriver + 5 7C90D455 65 Bytes [ 5A, 77, 52, 65, 73, 74, 6F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtLockProductActivationKeys + 7 7C90D497 92 Bytes [ 5A, 77, 53, 61, 76, 65, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtMapUserPhysicalPagesScatter + 4 7C90D4F4 47 Bytes [ 5A, 77, 53, 65, 74, 44, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtNotifyChangeDirectoryFile + 4 7C90D524 13 Bytes [ 5A, 77, 53, 65, 74, 44, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtNotifyChangeKey + 2 7C90D532 4 Bytes [ 63, 61, 6C, 65 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtNotifyChangeKey + 7 7C90D537 45 Bytes [ 5A, 77, 53, 65, 74, 44, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenEvent + 5 7C90D565 28 Bytes [ 5A, 77, 53, 65, 74, 45, 76, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenFile + 2 7C90D582 31 Bytes [ 48, 69, 67, 68, 45, 76, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenJobObject + 2 7C90D5A2 82 Bytes [ 65, 6E, 74, 50, 61, 69, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenProcessToken + 5 7C90D5F5 89 Bytes [ 5A, 77, 53, 65, 74, 49, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenThread + F 7C90D64F 21 Bytes [ 5A, 77, 53, 65, 74, 49, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenThreadTokenEx + 5 7C90D665 225 Bytes [ 5A, 77, 53, 65, 74, 49, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryDefaultUILanguage + 7 7C90D747 63 Bytes [ 5A, 77, 53, 65, 74, 53, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryEvent + 7 7C90D787 31 Bytes [ 5A, 77, 53, 65, 74, 54, 69, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationAtom + 7 7C90D7A7 13 Bytes [ 5A, 77, 53, 65, 74, 55, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationFile + 5 7C90D7B5 13 Bytes [ 5A, 77, 53, 65, 74, 56, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationJobObject + 3 7C90D7C3 43 Bytes [ 5A, 77, 53, 65, 74, 56, 6F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationProcess + F 7C90D7EF 183 Bytes [ 5A, 77, 53, 69, 67, 6E, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryQuotaInformationFile + 7 7C90D8A7 12 Bytes [ 5A, 77, 54, 72, 61, 63, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQuerySection + 4 7C90D8B4 34 Bytes [ 5A, 77, 54, 72, 61, 6E, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQuerySemaphore + 7 7C90D8D7 11 Bytes [ 5A, 77, 55, 6E, 6C, 6F, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQuerySymbolicLinkObject + 3 7C90D8E3 48 Bytes [ 5A, 77, 55, 6E, 6C, 6F, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQuerySystemInformation + 4 7C90D914 98 Bytes [ 5A, 77, 55, 6E, 6D, 61, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryVolumeInformationFile + 7 7C90D977 60 Bytes [ 5A, 77, 57, 61, 69, 74, 46, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReadFile + 4 7C90D9B4 48 Bytes [ 5A, 77, 57, 72, 69, 74, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReadVirtualMemory + 5 7C90D9E5 65 Bytes [ 5A, 77, 57, 72, 69, 74, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtRemoveIoCompletion + 7 7C90DA27 7 Bytes [ 5F, 43, 49, 73, 71, 72, 74 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtRemoveIoCompletion + F 7C90DA2F 55 Bytes [ 5F, 5F, 69, 73, 61, 73, 63, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReplyPort + 7 7C90DA67 7 Bytes [ 5F, 61, 6C, 6C, 6D, 75, 6C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReplyPort + F 7C90DA6F 21 Bytes [ 5F, 61, 6C, 6C, 6F, 63, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReplyWaitReceivePortEx + 5 7C90DA85 15 Bytes [ 5F, 61, 6C, 6C, 73, 68, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReplyWaitReplyPort + 5 7C90DA95 61 Bytes [ 5F, 61, 74, 6F, 69, 36, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtRequestWakeupLatency + 3 7C90DAD3 27 Bytes [ 5F, 66, 74, 6F, 6C, 00, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtResetEvent + F 7C90DAEF 5 Bytes [ 5F, 69, 74, 6F, 77 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtResetWriteWatch + 5 7C90DAF5 46 Bytes [ 5F, 6C, 66, 69, 6E, 64, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtResumeThread + 4 7C90DB24 10 Bytes [ 5F, 73, 6E, 77, 70, 72, 69, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtResumeThread + F 7C90DB2F 19 Bytes [ 5F, 73, 70, 6C, 69, 74, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSaveKeyEx + 3 7C90DB43 16 Bytes [ 5F, 73, 74, 72, 69, 63, 6D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSaveMergedKeys + 4 7C90DB54 26 Bytes [ 5F, 73, 74, 72, 6E, 69, 63, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSecureConnectPort + F 7C90DB6F 51 Bytes [ 5F, 74, 6F, 75, 70, 70, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetDebugFilterState + 3 7C90DBA3 11 Bytes [ 5F, 76, 73, 6E, 77, 70, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetDebugFilterState + F 7C90DBAF 63 Bytes [ 5F, 77, 63, 73, 69, 63, 6D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetEaFile + F 7C90DBEF 4 Bytes [ 61, 74, 6F, 69 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetEvent + 4 7C90DBF4 26 Bytes [ 61, 74, 6F, 6C, 00, 62, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetEventBoostPriority + F 7C90DC0F 5 Bytes [ 66, 6C, 6F, 6F, 72 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetHighEventPair + 5 7C90DC15 15 Bytes [ 69, 73, 61, 6C, 6E, 75, 6D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetHighWaitLowEventPair + 5 7C90DC25 15 Bytes [ 69, 73, 63, 6E, 74, 72, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationDebugObject + 5 7C90DC35 15 Bytes [ 69, 73, 67, 72, 61, 70, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationFile + 5 7C90DC45 15 Bytes [ 69, 73, 70, 72, 69, 6E, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationJobObject + 5 7C90DC55 15 Bytes [ 69, 73, 73, 70, 61, 63, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationKey + 5 7C90DC65 17 Bytes [ 69, 73, 77, 61, 6C, 70, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationObject + 7 7C90DC77 45 Bytes [ 69, 73, 77, 64, 69, 67, 69, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationToken + 5 7C90DCA5 17 Bytes [ 6C, 61, 62, 73, 00, 6C, 6F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetIntervalProfile + 7 7C90DCB7 13 Bytes [ 6D, 65, 6D, 63, 68, 72, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetIoCompletion + 5 7C90DCC5 14 Bytes [ 6D, 65, 6D, 63, 70, 79, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetLdtEntries + 4 7C90DCD4 10 Bytes [ 6D, 65, 6D, 73, 65, 74, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetLdtEntries + F 7C90DCDF 5 Bytes [ 71, 73, 6F, 72, 74 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetLowEventPair + 5 7C90DCE5 30 Bytes [ 73, 69, 6E, 00, 73, 70, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetQuotaInformationFile + 4 7C90DD04 82 Bytes [ 73, 74, 72, 63, 68, 72, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetSystemPowerState + 7 7C90DD57 13 Bytes [ 73, 74, 72, 73, 74, 72, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetSystemTime + 5 7C90DD65 45 Bytes [ 73, 74, 72, 74, 6F, 75, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetTimerResolution + 3 7C90DD93 51 Bytes [ 74, 6F, 77, 75, 70, 70, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetVolumeInformationFile + 7 7C90DDC7 13 Bytes [ 77, 63, 73, 63, 61, 74, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtShutdownSystem + 5 7C90DDD5 13 Bytes [ 77, 63, 73, 63, 6D, 70, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSignalAndWaitForSingleObject + 3 7C90DDE3 75 Bytes [ 77, 63, 73, 63, 73, 70, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSuspendThread + F 7C90DE2F 17 Bytes [ 77, 63, 73, 74, 6F, 6D, 62, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateJobObject + 2 7C90DE42 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateJobObject + D 7C90DE4D 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateProcess + 2 7C90DE52 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateProcess + D 7C90DE5D 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateThread + 2 7C90DE62 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateThread + D 7C90DE6D 1 Byte [ 2C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTestAlert + 2 7C90DE72 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTestAlert + C 7C90DE7C 4 Bytes [ C2, 2C, 00, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTraceEvent + 2 7C90DE82 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTraceEvent + D 7C90DE8D 1 Byte [ 40 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTranslateFilePath + 2 7C90DE92 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTranslateFilePath + D 7C90DE9D 1 Byte [ 2C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadDriver + 2 7C90DEA2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadDriver + D 7C90DEAD 1 Byte [ 40 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadKey + 2 7C90DEB2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadKey + D 7C90DEBD 1 Byte [ 44 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadKeyEx + 2 7C90DEC2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadKeyEx + D 7C90DECD 1 Byte [ 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnlockFile + 2 7C90DED2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnlockFile + D 7C90DEDD 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnlockVirtualMemory + 2 7C90DEE2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnlockVirtualMemory + D 7C90DEED 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnmapViewOfSection + 2 7C90DEF2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnmapViewOfSection + D 7C90DEFD 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtVdmControl + 2 7C90DF02 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForDebugEvent + 2 7C90DF12 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForDebugEvent + D 7C90DF1D 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForMultipleObjects + 2 7C90DF22 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForMultipleObjects + D 7C90DF2D 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForSingleObject + 2 7C90DF32 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitHighEventPair + 2 7C90DF42 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitHighEventPair + D 7C90DF4D 1 Byte [ 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitLowEventPair + 2 7C90DF52 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitLowEventPair + D 7C90DF5D 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteFile + 2 7C90DF62 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteFile + D 7C90DF6D 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteFileGather + 2 7C90DF72 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteFileGather + D 7C90DF7D 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteRequestData + 2 7C90DF82 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteRequestData + D 7C90DF8D 1 Byte [ 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteVirtualMemory + 2 7C90DF92 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteVirtualMemory + D 7C90DF9D 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtYieldExecution + 2 7C90DFA2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtYieldExecution + C 7C90DFAC 4 Bytes [ C2, 08, 00, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateKeyedEvent + 2 7C90DFB2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateKeyedEvent + D 7C90DFBD 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenKeyedEvent + 2 7C90DFC2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenKeyedEvent + D 7C90DFCD 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReleaseKeyedEvent + 2 7C90DFD2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReleaseKeyedEvent + D 7C90DFDD 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForKeyedEvent + 2 7C90DFE2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForKeyedEvent + D 7C90DFED 1 Byte [ 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryPortInformationProcess + 2 7C90DFF2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryPortInformationProcess + C 7C90DFFC 3 Bytes [ C2, 08, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!pow + 3 7C90E000 3 Bytes [ B8, 1C, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 2 7C90E004 18 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 15 7C90E017 13 Bytes [ 03, FE, 7F, FF, 12, C2, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 23 7C90E025 33 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 45 7C90E047 2 Bytes [ 03, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 48 7C90E04A 4 Bytes [ FF, 12, C2, 08 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiUserApcDispatcher 7C90E430 98 Bytes [ B8, 5F, 00, 00, 00, BA, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiUserExceptionDispatcher + 37 7C90E493 11 Bytes [ 00, 00, BA, 00, 03, FE, 7F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiUserExceptionDispatcher + 43 7C90E49F 3 Bytes [ 90, B8, 66 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiUserExceptionDispatcher + 49 7C90E4A5 17 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + F 7C90E4B7 15 Bytes [ 03, FE, 7F, FF, 12, C2, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + 1F 7C90E4C7 7 Bytes [ 03, FE, 7F, FF, 12, C2, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + 27 7C90E4CF 7 Bytes [ 90, B8, 69, 00, 00, 00, BA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + 2F 7C90E4D7 7 Bytes [ 03, FE, 7F, FF, 12, C2, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + 37 7C90E4DF 83 Bytes [ 90, B8, 6A, 00, 00, 00, BA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 2B 7C90E533 3 Bytes [ 00, 00, BA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 2F 7C90E537 7 Bytes [ 03, FE, 7F, FF, 12, C2, 28 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 37 7C90E53F 3 Bytes [ 90, B8, 70 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 3D 7C90E545 13 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 4C 7C90E554 2 Bytes [ 00, BA ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIcos + F 7C90E5D5 49 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 2D 7C90E607 13 Bytes [ 03, FE, 7F, FF, 12, C2, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 3B 7C90E615 41 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 65 7C90E63F 17 Bytes [ 90, B8, 80, 00, 00, 00, BA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 77 7C90E651 1 Byte [ 81 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 7B 7C90E655 15 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 2 7C90E684 14 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 12 7C90E694 46 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 43 7C90E6C5 15 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 53 7C90E6D5 5 Bytes [ BA, 00, 03, FE, 7F ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 59 7C90E6DB 8 Bytes [ 12, C2, 14, 00, 90, B8, 8A, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strstr + 89 7C90E7E7 27 Bytes [ 03, FE, 7F, FF, 12, C2, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + 16 7C90E803 16 Bytes [ 00, 00, BA, 00, 03, FE, 7F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + 28 7C90E815 19 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + 3C 7C90E829 26 Bytes [ 7F, FF, 12, C2, 08, 00, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + 57 7C90E844 84 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + AC 7C90E899 25 Bytes [ 7F, FF, 12, C2, 08, 00, 90, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 18 7C90EB33 11 Bytes [ 00, 00, BA, 00, 03, FE, 7F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 24 7C90EB3F 5 Bytes [ 90, B8, D0, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 2A 7C90EB45 17 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 3C 7C90EB57 43 Bytes [ 03, FE, 7F, FF, 12, C2, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 68 7C90EB83 43 Bytes [ 00, 00, BA, 00, 03, FE, 7F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 25 7C90ECBF 68 Bytes CALL 3690ECC4
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 6B 7C90ED05 254 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 16B 7C90EE05 30 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 18A 7C90EE24 31 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 1AA 7C90EE44 15 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosError + 43 7C90F650 20 Bytes [ B8, 01, 00, 00, 00, 83, 3D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + C 7C90F665 4 Bytes [ 00, 00, 8D, 0D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 11 7C90F66A 144 Bytes CALL 7C90F3EC C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + A2 7C90F6FB 25 Bytes [ 75, 1D, 83, 7C, 24, 08, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + BD 7C90F716 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + BF 7C90F718 13 Bytes CALL 7C90F23D C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 6 7C90FBB8 24 Bytes [ B0, 00, C1, 97, 7C, 4F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 20 7C90FBD2 13 Bytes [ F6, 03, C6, 66, 8B, 04, 43, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 2E 7C90FBE0 11 Bytes [ 4D, 18, EB, 10, 8B, 35, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 3A 7C90FBEC 28 Bytes [ 04, 30, 66, 89, 01, 41, 41, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 57 7C90FC09 62 Bytes [ 00, 00, 2B, 4D, 08, 89, 08, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + 4F 7C90FD01 109 Bytes [ 26, 43, 00, 00, 5F, 5E, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + BD 7C90FD6F 106 Bytes [ 34, 71, 66, 89, 70, 08, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + 128 7C90FDDA 15 Bytes JMP 15051400
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + 138 7C90FDEA 17 Bytes [ 17, 05, 60, 04, F6, 03, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + 14A 7C90FDFC 8 Bytes [ 00, 80, E6, 03, 00, 00, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLastWin32Error + 4 7C90FE05 20 Bytes [ 80, 04, 00, 00, 80, EA, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRestoreLastWin32Error + A 7C90FE1A 127 Bytes [ 15, 00, AA, 00, 03, 01, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 25 7C90FE9A 3 Bytes [ E6, 03, E7 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 29 7C90FE9E 20 Bytes JMP D391BFA6
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 3E 7C90FEB3 15 Bytes [ 00, 01, 00, 00, 00, 26, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 4E 7C90FEC3 12 Bytes [ 00, F9, 06, 00, 00, 1B, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 5B 7C90FED0 11 Bytes [ 08, 00, 00, 00, E7, 01, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtGlobalFlags + 5 7C90FF00 17 Bytes [ 7A, 00, 00, 00, 06, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 5 7C90FF12 32 Bytes [ 00, 00, 2B, 00, 00, C0, E7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 26 7C90FF33 2 Bytes [ 00, A1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 29 7C90FF36 4 Bytes [ 00, 00, 5D, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 2F 7C90FF3C 6 Bytes [ 5D, 04, 00, 00, 17, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 36 7C90FF43 27 Bytes [ 00, 17, 00, 00, 00, 08, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 4 7C9100A8 25 Bytes [ EE, 03, 00, 00, 40, 05, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 1E 7C9100C2 21 Bytes [ 00, 00, E7, 01, 00, 00, E7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 34 7C9100D8 6 Bytes [ 41, 05, 00, 00, 42, 05 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 3C 7C9100E0 6 Bytes [ 43, 05, 00, 00, 44, 05 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 44 7C9100E8 5 Bytes [ 45, 05, 00, 00, 57 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquirePebLock + 5 7C9103F2 12 Bytes [ 00, 00, E7, 04, 00, 00, E6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquirePebLock + 12 7C9103FF 55 Bytes [ 00, 74, 10, 00, 00, 6E, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleasePebLock + 6 7C910437 35 Bytes [ 00, 43, 03, 09, 80, 7D, 17, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 15 7C91045B 4 Bytes [ 00, EC, 04, EC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 1A 7C910460 9 Bytes [ EC, 04, EC, 04, FB, 04, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 24 7C91046A 17 Bytes [ 6B, 00, 10, 80, 6C, 00, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 36 7C91047C 7 Bytes [ 09, 80, 2C, 00, 10, 80, 16 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 3E 7C910484 29 Bytes [ 09, 80, 2F, 00, 10, 80, F1, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseActivationContext + 13 7C91053A 25 Bytes [ 1B, 07, 1C, 07, 1D, 07, 1E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseActivationContext + 2D 7C910554 66 Bytes [ 06, 00, F1, 06, F2, 06, F3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 38 7C910597 241 Bytes [ 1B, 6E, 1B, 6F, 1B, 70, 1B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 12A 7C910689 79 Bytes [ F0, 81, F9, 00, 00, 00, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 17A 7C9106D9 34 Bytes [ 7C, 3B, D3, 0F, 83, 24, DD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 19D 7C9106FC 27 Bytes [ B7, 04, 75, D8, ED, 90, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 1B9 7C910718 53 Bytes [ 03, 01, 00, 00, 01, 00, 01, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + 6D 7C9113C7 7 Bytes [ 55, 08, 66, 83, FA, 61, 72 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + 75 7C9113CF 25 Bytes [ 66, 83, FA, 7A, 0F, 87, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + 8F 7C9113E9 90 Bytes [ 90, 90, 90, 90, 6A, 18, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + EC 7C911446 91 Bytes [ 8B, FF, 55, 8B, EC, 57, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + 148 7C9114A2 32 Bytes [ 00, 00, FF, 75, 08, 8B, 40, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 4E 7C911548 102 Bytes [ 0F, C1, 06, 48, 89, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + B5 7C9115AF 37 Bytes [ BF, 20, B4, 97, 7C, 33, DB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLogStackBackTrace + 21 7C9115D5 2 Bytes [ 17, CC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLogStackBackTrace + 25 7C9115D9 8 Bytes [ 85, C0, 75, D9, 57, E8, 1D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLogStackBackTrace + 2F 7C9115E3 38 Bytes [ F6, 46, 0C, 40, 0F, 84, 16, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + D 7C91160A 20 Bytes CALL 7C90E7F0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + 22 7C91161F 47 Bytes [ FF, FF, 0D, F0, B0, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + 52 7C91164F 3 Bytes [ 86, 58, FC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + 57 7C911654 16 Bytes [ 83, F8, 01, 0F, 86, 4F, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + 68 7C911665 4 Bytes [ FF, 55, 8B, EC ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + 18 7C911EF5 124 Bytes [ 8B, 4A, 04, 89, 8D, EC, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + 95 7C911F72 76 Bytes [ 84, B1, FC, FF, FF, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + E2 7C911FBF 11 Bytes [ B5, 20, FF, FF, FF, 83, B8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + EE 7C911FCB 5 Bytes [ 0F, 85, E0, 0D, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + F4 7C911FD1 58 Bytes [ 8B, 06, 8B, C8, 89, 8D, 70, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResource_U + 11 7C912778 28 Bytes [ FF, 89, 39, 89, 4F, 04, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessResource + D 7C912795 6 Bytes [ 47, D3, E7, 89, BD, 50 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessResource + 15 7C91279D 17 Bytes [ FF, 8D, BC, 1A, 58, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessResource + 27 7C9127AF 33 Bytes [ 88, 0F, 8B, 4D, 9C, 29, 4B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessResource + 4A 7C9127D2 36 Bytes [ 00, 0F, 83, 23, 9A, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + F 7C9127F7 28 Bytes [ 55, 8B, EC, 51, 51, 53, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + 2C 7C912814 30 Bytes [ 45, F8, 8A, 46, 05, 88, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + 4B 7C912833 4 Bytes [ 87, 00, C0, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + 50 7C912838 39 Bytes [ 8B, D8, 8A, 45, 0F, 89, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + 78 7C912860 18 Bytes [ 0F, 82, 93, A0, 02, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + 1D 7C9128D4 35 Bytes [ 55, 08, 0F, 85, 46, BF, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + 41 7C9128F8 130 Bytes JMP 5E52F888
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + C4 7C91297B 11 Bytes [ 44, 86, 58, 89, 45, E4, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + D0 7C912987 3 Bytes [ BA, 00, F0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + D4 7C91298B 212 Bytes [ FF, 23, C2, 8B, C8, 2B, CF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToMultiByteN + 16 7C912A83 106 Bytes [ C0, 75, 05, 39, 45, F8, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToMultiByteN + 81 7C912AEE 220 Bytes [ 84, 1D, FB, FF, FF, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToAnsiString + 33 7C912BCB 139 Bytes [ 50, 60, 8B, CF, C1, E9, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLockLoaderLock + 14 7C912C57 128 Bytes [ 2B, 8B, 16, 4A, 3B, FA, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLockLoaderLock + 95 7C912CD8 16 Bytes [ 91, 7C, 83, C0, 10, E9, B0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLockLoaderLock + A6 7C912CE9 26 Bytes [ 01, 8D, 49, 01, 89, 48, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnlockLoaderLock + C 7C912D05 6 Bytes [ 57, 53, E8, CA, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnlockLoaderLock + 13 7C912D0C 44 Bytes [ 89, 45, 94, 39, 45, D8, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnlockLoaderLock + 40 7C912D39 41 Bytes [ 87, BB, FB, FF, FF, 56, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnlockLoaderLock + 6B 7C912D64 314 Bytes [ 0F, B6, C4, 0F, BE, 80, 28, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualUnicodeString + 4 7C912E9F 65 Bytes [ F0, FF, 35, D0, 1E, 91, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualUnicodeString + 46 7C912EE1 15 Bytes [ EC, 51, 53, 56, 57, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualUnicodeString + 56 7C912EF1 62 Bytes CALL 7C912E76 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualUnicodeString + 95 7C912F30 32 Bytes [ F8, 8B, C1, F7, F3, 33, D2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscpy + 11 7C912F51 380 Bytes [ 5B, F7, F3, 85, D2, 0F, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsDosDeviceName_U + 46 7C9130CE 13 Bytes [ 08, 08, 08, 08, 08, 08, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsDosDeviceName_U + 54 7C9130DC 39 Bytes [ 08, 08, 08, 08, 08, 08, 09, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsDosDeviceName_U + 7C 7C913104 70 Bytes [ 0A, 0A, 0A, 0A, 0A, 0A, 0A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySid + 1 7C91314B 26 Bytes [ 4D, 08, 53, 33, D2, 56, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySid + 1C 7C913166 14 Bytes [ 00, 8B, F0, 69, C0, 4F, C5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySid + 2B 7C913175 31 Bytes [ 64, 83, C0, 4B, F7, F7, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSid + 17 7C913195 140 Bytes [ 8B, C1, 2B, C2, 6B, C0, 64, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockHeap + 37 7C913222 98 Bytes [ FF, FF, 89, 45, 88, 85, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnlockHeap + 32 7C913285 16 Bytes CALL 7C911324 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnlockHeap + 43 7C913296 93 Bytes [ 00, 8B, 45, B0, 89, 45, B8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsValidHandle + 37 7C9132F4 37 Bytes [ 75, 11, 0F, B7, 55, B4, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsValidHandle + 5D 7C91331A 5 Bytes [ 00, 00, 89, 45, B8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHandle + 1 7C913320 13 Bytes [ 5D, B4, 0F, B7, C3, 8D, 44, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHandle + F 7C91332E 128 Bytes [ 90, 0F, 87, 0C, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsValidIndexHandle + 1 7C9133AF 4 Bytes [ 0E, 89, 4D, E4 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsValidIndexHandle + 6 7C9133B4 50 Bytes [ 76, 04, 03, 75, B0, 89, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEncodePointer + 8 7C9133E7 31 Bytes [ C7, 45, CC, 04, 02, 00, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecodePointer + 2 7C913407 12 Bytes [ C2, 14, 00, 83, 7D, 98, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + 2 7C913414 118 Bytes JMP 7C9132CD C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + 79 7C91348B 8 Bytes [ 00, 90, 90, 90, 90, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + 82 7C913494 37 Bytes [ 11, 67, 94, 7C, 24, 67, 94, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + A8 7C9134BA 70 Bytes JMP 7C914509 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + EF 7C913501 94 Bytes [ 8B, 07, 89, 45, BC, 8B, 47, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActiveActivationContext + 6 7C913597 141 Bytes [ 01, 26, 91, 7C, AB, 26, 91, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + 6F 7C913625 3 Bytes [ 98, 2E, 02 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + 74 7C91362A 66 Bytes [ B7, 4D, E0, 89, 4D, E4, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + B7 7C91366D 8 Bytes [ EB, 98, 84, DB, 0F, 84, A6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + C1 7C913677 4 Bytes [ 64, A1, 18, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + C7 7C91367D 20 Bytes [ 89, 85, 74, FF, FF, FF, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthRequiredSid + E 7C9136A6 27 Bytes JMP 7C913604 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 2 7C9136C2 77 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 51 7C913711 37 Bytes [ 40, 50, 39, 75, 0C, 0F, 82, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 77 7C913737 20 Bytes CALL 7C91341E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 8D 7C91374D 4 Bytes [ 89, 50, 65, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 92 7C913752 6 Bytes [ 25, FF, FF, FF, 7F, 03 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetDaclSecurityDescriptor + 9A 7C913819 25 Bytes [ 89, 9D, 74, F3, FF, FF, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetDaclSecurityDescriptor + B5 7C913834 35 Bytes [ BF, 43, 03, 00, 33, C0, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUserInfoHeap + 16 7C913858 7 Bytes [ C4, 72, 94, 7C, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUserInfoHeap + 1F 7C913861 279 Bytes [ 00, 00, 00, 47, 6E, 94, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownThread + 44 7C91397A 12 Bytes [ 8B, F8, 89, 7D, D4, 85, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownThread + 51 7C913987 82 Bytes [ FF, 77, 0C, FF, 75, 08, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownThread + A4 7C9139DA 148 Bytes [ 38, 8B, 7D, 0C, 85, FF, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownThread + 139 7C913A6F 73 Bytes [ 55, 8B, EC, 53, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckForOrphanedCriticalSections + 26 7C913AB9 4 Bytes [ 0F, 0F, 87, C1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckForOrphanedCriticalSections + 2D 7C913AC0 87 Bytes [ FF, 24, BD, 28, 2A, 91, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckForOrphanedCriticalSections + 85 7C913B18 11 Bytes [ B7, 58, 12, 8A, 1C, 33, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckForOrphanedCriticalSections + 91 7C913B24 171 Bytes [ B7, 58, 0E, 8A, 1C, 33, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + 66 7C913BD0 63 Bytes [ 66, 89, 0E, 0F, 84, C9, 1D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + A6 7C913C10 194 Bytes [ 8B, 46, 04, 8B, 4D, 0C, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + 169 7C913CD3 89 Bytes [ 00, C1, E0, 10, 0B, D8, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + 1C3 7C913D2D 51 Bytes JMP A0D97042
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + 1F7 7C913D61 84 Bytes [ FF, FF, FF, F3, CA, 93, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosPathNameToNtPathName_U + 6E 7C914343 259 Bytes [ 42, 10, 89, 06, 5F, 89, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixUnicodeString + 5F 7C914447 11 Bytes [ E1, 03, F3, A4, 66, 89, 5A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixUnicodeString + 6B 7C914453 17 Bytes [ 89, 1A, B0, 01, 5F, 5E, 5B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixUnicodeString + 7D 7C914465 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixUnicodeString + 7F 7C914467 133 Bytes [ 00, 89, 85, 5C, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetCurrentDirectory_U + 7 7C9144ED 125 Bytes [ 1C, 64, A1, 18, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetCurrentDirectory_U + 86 7C91456C 106 Bytes [ 83, F8, FC, 74, 11, 83, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryEnvironmentVariable_U + 5E 7C9145D7 80 Bytes [ 8B, 71, 04, 8B, 7A, 04, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryEnvironmentVariable_U + AF 7C914628 152 Bytes [ 00, 0F, BE, 81, 28, 0B, 91, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + 17 7C9146C1 38 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + 3E 7C9146E8 97 Bytes JMP 7C91AE23 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + A0 7C91474A 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + A2 7C91474C 39 Bytes [ 0F, 84, 67, 10, 00, 00, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + CB 7C914775 87 Bytes JMP 7C91F939 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + 11 7C9149CA 26 Bytes [ 46, 1C, 89, 45, E0, 85, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + 2C 7C9149E5 117 Bytes [ 00, 00, C7, 45, B0, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + A2 7C914A5B 143 Bytes [ 5E, C3, 80, 3D, DC, B0, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + 132 7C914AEB 65 Bytes [ 00, 89, 5E, 04, 89, 5E, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + 174 7C914B2D 150 Bytes [ 00, C6, 85, D7, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + EF 7C914D24 1 Byte [ 33 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + F1 7C914D26 44 Bytes [ 5F, 5E, 5B, C9, C2, 04, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + 11E 7C914D53 52 Bytes [ 4D, 14, 89, 4D, 94, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + 153 7C914D88 21 Bytes [ 45, 9C, 0F, B7, C9, 8B, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + 16A 7C914D9F 63 Bytes [ 66, 39, 30, 0F, 84, 1B, CA, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyUnicodeString + 14 7C914ECD 121 Bytes [ 89, 7D, A4, 89, 55, C0, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeToString + 2D 7C914F47 36 Bytes [ 75, D8, EB, DE, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeToString + 52 7C914F6C 69 Bytes [ 83, 3A, 2E, 75, 8B, E9, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeStringToString + 23 7C914FB2 35 Bytes [ 84, 59, F7, FF, FF, 66, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeStringToString + 47 7C914FD6 9 Bytes [ 39, 19, 74, 77, 49, 49, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeStringToString + 51 7C914FE0 71 Bytes [ 4D, C8, 77, F1, 33, C9, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + 2F 7C915028 30 Bytes [ FF, C3, 66, 39, 59, FE, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + 4E 7C915047 55 Bytes [ 85, B0, FE, FF, FF, E9, 17, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + 86 7C91507F 83 Bytes [ 89, 45, E4, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + DA 7C9150D3 56 Bytes [ 00, 8D, 85, D8, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + 113 7C91510C 75 Bytes CALL 7C9113ED C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 34 7C915207 12 Bytes [ D0, FD, FF, FF, 89, 4E, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 41 7C915214 38 Bytes [ 03, C0, 8B, 95, B0, FD, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 68 7C91523B 18 Bytes [ FF, 66, 83, 24, 71, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 7B 7C91524E 9 Bytes [ FF, 85, DB, 74, 1C, 33, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 85 7C915258 10 Bytes [ 66, 89, 43, 02, 89, 43, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + 54 7C915545 28 Bytes [ 66, 89, 5C, 77, FE, 4E, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + 71 7C915562 17 Bytes [ 90, 90, 90, 90, 90, 90, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + 83 7C915574 41 Bytes [ 90, 90, 90, 90, 90, 6A, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + AD 7C91559E 12 Bytes [ 89, 7D, FC, 8B, 75, 08, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + BB 7C9155AC 30 Bytes CALL 7C9113ED C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + 53 7C915690 91 Bytes [ 39, 08, 75, F5, 66, 8B, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + AF 7C9156EC 4 Bytes [ 86, 90, 57, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + B4 7C9156F1 100 Bytes [ 8B, 4D, FC, 66, 8B, 06, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + 13D 7C91577A 246 Bytes [ 63, FF, FF, FF, 66, 3B, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + 234 7C915871 12 Bytes [ 45, C6, EB, 13, 66, 83, F8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + F0 7C915A6B 11 Bytes [ FF, C7, 45, CC, 8A, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + FD 7C915A78 5 Bytes [ 6A, 05, E9, 2F, F1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 103 7C915A7E 66 Bytes [ FF, C7, 45, CC, 8B, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 146 7C915AC1 366 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 2B5 7C915C30 22 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + 2D 7C915D6E 35 Bytes [ 89, 8D, F4, FD, FF, FF, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + 51 7C915D92 50 Bytes [ 33, C0, 5B, 5F, 8B, 4D, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + 84 7C915DC5 44 Bytes CALL 2B156CCA
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + B1 7C915DF2 50 Bytes [ 5D, 94, 8D, 75, E0, 66, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + E5 7C915E26 1 Byte [ 10 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + 1 7C915E4B 92 Bytes [ CB, 83, E1, 03, F3, A4, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + 5E 7C915EA8 11 Bytes [ 41, 00, 42, 00, 43, 00, 44, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + 6A 7C915EB4 2 Bytes [ 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + 6D 7C915EB7 51 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + A1 7C915EEB 37 Bytes JMP 7F1AC4F2
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + DC 7C91647F 29 Bytes [ 83, 7E, 10, 03, 0F, 86, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + FA 7C91649D 11 Bytes [ 85, C0, 0F, 84, 9B, FD, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + 106 7C9164A9 55 Bytes [ 75, 08, FF, 55, 18, F7, D8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + 13E 7C9164E1 28 Bytes [ 46, 10, 01, 00, 00, 00, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + 15D 7C916500 40 Bytes [ 8B, 48, 30, 33, DB, 39, 99, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 1C 7C9166BD 23 Bytes [ 5F, 5E, C9, C2, 10, 00, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 34 7C9166D5 21 Bytes [ 14, 85, FF, 74, 03, 83, 27, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 4A 7C9166EB 12 Bytes [ 0F, 82, 73, 0A, 00, 00, F7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 57 7C9166F8 10 Bytes [ 0F, 85, 66, 0A, 00, 00, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 63 7C916704 3 Bytes [ 5C, 0A, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 7A 7C91696F 78 Bytes [ C7, 5F, 5B, C9, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + C9 7C9169BE 13 Bytes [ FF, 8B, 45, 20, 3B, C3, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + D7 7C9169CC 23 Bytes [ B5, CC, FE, FF, FF, 89, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + EF 7C9169E4 19 Bytes [ 66, 89, 9D, EE, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 103 7C9169F8 2 Bytes [ 66, C7 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 43 7C91701C 19 Bytes CALL 7C917FD7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 57 7C917030 21 Bytes [ 3D, 14, 02, 00, 00, 0F, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 6D 7C917046 26 Bytes [ 89, 1C, 41, 66, 89, B5, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 88 7C917061 69 Bytes [ 0F, 85, 67, 12, 00, 00, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + CE 7C9170A7 8 Bytes [ 00, 0F, 84, FA, D1, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 5 7C917370 26 Bytes [ 00, 39, 9D, C4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 20 7C91738B 64 Bytes [ FD, FF, FF, 8B, 4D, E4, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 61 7C9173CC 7 Bytes [ 8B, 45, 10, 89, 85, D8, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 69 7C9173D4 35 Bytes [ FF, 8B, 45, 14, 89, 85, B8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 8D 7C9173F8 5 Bytes [ 89, 9D, BC, FD, FF ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + 2 7C91765F 160 Bytes [ FF, 66, FF, 40, 38, 6A, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + A3 7C917700 7 Bytes [ 3B, F7, 0F, 84, AE, 64, 02 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + AB 7C917708 15 Bytes [ F6, C2, 02, 0F, 85, AA, 64, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + BB 7C917718 46 Bytes [ 00, 66, 89, 7D, BC, 66, C7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + EA 7C917747 17 Bytes [ FF, 89, 45, DC, 3B, C7, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContext + 8E 7C917871 55 Bytes [ A3, 24, B2, 97, 7C, 83, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContext + C6 7C9178A9 17 Bytes CALL 7C9178BE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContext + DB 7C9178BE 11 Bytes [ 80, 7D, E7, 00, 75, 20, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContext + B 7C9178CA 88 Bytes CALL 7C913C42 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContext + 64 7C917923 128 Bytes [ 0F, 87, 16, 55, 02, 00, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + 1C 7C9179A4 147 Bytes [ 3D, 25, 02, 00, C0, 0F, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + B0 7C917A38 21 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + C6 7C917A4E 18 Bytes [ 83, A5, EC, FD, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + D9 7C917A61 22 Bytes [ 8D, 8D, EC, FD, FF, FF, 51, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + F1 7C917A79 30 Bytes CALL 7C917A8F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + 1F 7C917EA7 42 Bytes [ 00, 00, 00, 8B, 40, 30, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + 4A 7C917ED2 103 Bytes [ 66, 8B, 40, 04, 66, 83, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + B2 7C917F3A 59 Bytes [ C2, 0F, 85, 2D, 1E, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + EE 7C917F76 161 Bytes [ 75, 1C, 8D, 45, E0, 50, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + 190 7C918018 80 Bytes [ 89, 55, FC, 53, 8B, 5D, 08, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wcsnicmp + 3D 7C91820A 63 Bytes [ FF, 8B, F0, FF, B5, B4, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualSid + 1E 7C91824A 60 Bytes CALL 7C90E500 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + 12 7C918287 37 Bytes [ 78, 0C, 83, C7, 0C, 8B, 07, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + 38 7C9182AD 52 Bytes [ FF, 39, 5E, 08, 74, E1, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + 6D 7C9182E2 16 Bytes JMP 7C918115 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + 7E 7C9182F3 62 Bytes [ 84, C0, 0F, 84, E2, E2, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + BD 7C918332 20 Bytes [ 8B, 7D, F8, 8B, 07, 8B, 57, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 37 7C9184F2 26 Bytes [ 49, 04, 89, 4D, B8, 89, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 52 7C91850D 37 Bytes [ 90, 8B, 0D, 2C, B2, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 78 7C918533 10 Bytes [ FF, 00, 00, 00, 00, BC, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 84 7C91853F 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 87 7C918542 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidAcl + 63 7C918610 8 Bytes [ 00, 80, 4E, 35, 20, E9, 6F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidAcl + 6C 7C918619 9 Bytes [ FF, 48, 0F, 85, 2D, 85, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidAcl + 76 7C918623 8 Bytes [ 4F, 38, C7, 45, C8, 32, 76, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidAcl + 7F 7C91862C 46 Bytes JMP 7C917E23 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSecurityDescriptor + 2C 7C91865D 81 Bytes [ 8B, FF, 55, 8B, EC, 51, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetDaclSecurityDescriptor + 50 7C9186AF 1 Byte [ 85 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetDaclSecurityDescriptor + 52 7C9186B1 23 Bytes [ 7C, 7C, F6, 45, 08, 01, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + F 7C9186C9 50 Bytes [ C0, 39, 05, D0, B1, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + 42 7C9186FC 15 Bytes [ AC, 01, 00, 00, 8B, 43, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + 52 7C91870C 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + 54 7C91870E 101 Bytes [ D1, C1, E0, 10, 81, E2, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + BA 7C918774 39 Bytes [ 85, F2, CC, FF, FF, 64, A1, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAcl + 4B 7C918814 17 Bytes [ 5D, C2, 0C, 00, B8, 0D, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessAllowedAce + B 7C918826 14 Bytes [ 55, 8B, EC, 57, 64, A1, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessAllowedAce + 1A 7C918835 82 Bytes [ 74, 7A, F6, 47, 08, 04, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateAndInitializeSid + 1D 7C918888 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateAndInitializeSid + 20 7C91888B 52 Bytes [ 00, 83, 79, 04, 00, 75, 1E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateAndInitializeSid + 55 7C9188C0 340 Bytes [ FF, 55, 8B, EC, 83, EC, 54, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetGroupSecurityDescriptor + 3 7C918A15 37 Bytes [ 0C, 75, 0D, 3B, 75, FC, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetGroupSecurityDescriptor + 29 7C918A3B 1 Byte [ 45 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetGroupSecurityDescriptor + 2B 7C918A3D 8 Bytes [ 66, 83, FF, 61, 73, 1B, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetGroupSecurityDescriptor + 34 7C918A46 132 Bytes [ 89, 45, 10, 66, 8B, 7D, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOpenCurrentUser + 13 7C918ACC 85 Bytes [ 8B, 75, F4, 8D, 46, FF, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncat 7C918B24 5 Bytes [ 90, 90, 8B, FF, 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncat + 6 7C918B2A 2 Bytes [ EC, 53 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncat + 9 7C918B2D 69 Bytes [ 5D, 14, 85, DB, 0F, 84, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncat + 4F 7C918B73 50 Bytes [ 02, 0F, 85, 78, 78, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeHandleTable + 2C 7C918BA6 24 Bytes [ 4D, EE, 8B, 40, 04, 03, C6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeHandleTable + 45 7C918BBF 206 Bytes [ 85, 55, DC, FF, FF, 8B, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + 9D 7C918C8E 50 Bytes [ CE, 8B, 7D, 14, 89, 0F, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + D1 7C918CC2 20 Bytes [ A1, C8, B0, 97, 7C, 89, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + E6 7C918CD7 90 Bytes [ 45, 80, 80, 3D, C1, B1, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + 141 7C918D32 19 Bytes [ 89, 5D, 8C, 83, 65, A0, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + 155 7C918D46 85 Bytes [ 00, 00, 89, 7D, FC, 8D, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHandle + 38 7C9193AC 152 Bytes [ 8B, EC, 56, 8B, 75, 0C, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + 7D 7C919446 14 Bytes JMP 7C91C74F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + 8C 7C919455 1 Byte [ 8B ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + 8E 7C919457 19 Bytes [ D4, FB, FF, FF, 0F, B7, CB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + A2 7C91946B 51 Bytes JMP 7C91CA9D C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + D6 7C91949F 1 Byte [ 83 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + C 7C919657 11 Bytes [ C0, EB, F5, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + 18 7C919663 28 Bytes [ EC, 8B, 45, 08, 80, 38, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + 35 7C919680 36 Bytes [ 0F, 84, FD, D4, 01, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + 5A 7C9196A5 15 Bytes [ 66, 89, 48, 02, 0F, 84, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + 6A 7C9196B5 51 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtProductType + 32 7C91976A 95 Bytes [ 00, 00, 00, 0F, 84, 69, 71, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtProductType + 92 7C9197CA 125 Bytes [ FF, 55, 8B, EC, 8B, 4D, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtProductType + 111 7C919849 7 Bytes [ FF, 75, 08, 8B, 40, 30, 6A ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtProductType + 119 7C919851 71 Bytes CALL 7C910F0A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strnicmp + 1C 7C919899 227 Bytes [ 3E, 8A, 4D, 0C, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadAlternateResourceModule + 4C 7C91997D 66 Bytes [ 39, 45, DC, 72, 0E, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 8 7C9199C0 11 Bytes JMP 90909090
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 14 7C9199CC 58 Bytes [ EC, 8B, 45, 08, 80, 38, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 4F 7C919A07 22 Bytes [ 33, C0, 5D, C2, 0C, 00, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 66 7C919A1E 4 Bytes [ 85, 03, F5, 02 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 6B 7C919A23 31 Bytes [ 66, 8B, 48, 02, 84, ED, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPushFrame + 1B 7C919AFB 120 Bytes CALL 7C90E5AF C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPushFrame + 95 7C919B75 56 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 2F 7C919BAF 37 Bytes [ 90, 00, 00, 83, F8, 65, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 56 7C919BD6 20 Bytes [ CE, 89, 4D, 14, 3B, C3, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 6B 7C919BEB 15 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 7B 7C919BFB 4 Bytes [ 00, A1, C8, B0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 80 7C919C00 14 Bytes [ 7C, 8B, 4D, 28, 89, 45, FC, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + 10 7C91AB29 111 Bytes [ 40, 20, 85, C0, 75, 05, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + 80 7C91AB99 64 Bytes [ 33, DB, 89, 5D, 8C, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + C2 7C91ABDB 50 Bytes [ FF, 7F, 0F, 87, C9, 22, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + F5 7C91AC0E 89 Bytes [ FF, F6, 46, FD, 02, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + 14F 7C91AC68 18 Bytes [ 83, 07, 23, 03, 00, 0F, B6, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + B 7C91ACF3 74 Bytes [ 8B, D8, 89, 9D, 5C, FE, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + 56 7C91AD3E 27 Bytes [ 0F, 85, 65, A7, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + 72 7C91AD5A 8 Bytes [ 8C, 89, 5D, 10, 83, 7D, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + 7B 7C91AD63 4 Bytes [ 84, 1C, 3B, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + 80 7C91AD68 11 Bytes [ 83, 65, FC, 00, 83, 4D, FC, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + 30 7C91AEA1 4 Bytes [ 85, 96, 22, 03 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + 36 7C91AEA7 124 Bytes [ 4D, D4, 8D, 3C, CE, 89, BD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + B4 7C91AF25 236 Bytes [ 8B, 85, 2C, FF, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + 1A2 7C91B013 40 Bytes [ 0F, B7, 0E, 03, C8, 3B, CA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + 1CB 7C91B03C 39 Bytes [ 3B, C8, 0F, 85, 21, 38, 01, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + 43 7C91B0CD 10 Bytes [ 0F, 83, 78, 19, 03, 00, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + 4E 7C91B0D8 25 Bytes [ 45, 18, 8D, 34, 1A, 66, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + 68 7C91B0F2 88 Bytes [ 8B, 4D, F8, 8D, 0C, CE, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + C1 7C91B14B 38 Bytes [ 03, 8D, 84, 38, 58, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + E8 7C91B172 45 Bytes CALL 7C911698 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + 1 7C91B1A0 2 Bytes [ 45, 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + 4 7C91B1A3 82 Bytes JMP 81DCE3AC
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + 57 7C91B1F6 13 Bytes [ 53, 8B, 5D, 0C, 8D, 43, 30, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + 66 7C91B205 92 Bytes [ F8, 0F, 84, 05, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + C3 7C91B262 16 Bytes [ 00, 04, 00, F7, D8, 1B, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + C 7C91B273 76 Bytes [ 00, 00, 57, 6A, 00, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + 59 7C91B2C0 23 Bytes [ 00, 80, 67, 05, EF, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + 71 7C91B2D8 13 Bytes [ C6, 40, 05, 10, 89, 43, 38, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + 7F 7C91B2E6 54 Bytes JMP 81D2A8EE
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + B6 7C91B31D 10 Bytes [ F0, 02, FE, 7F, 02, 0F, 85, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + 58 7C91BC22 10 Bytes [ C3, F7, F6, 8B, 75, EC, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + 63 7C91BC2D 46 Bytes [ C3, 69, C0, 6D, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + 92 7C91BC5C 20 Bytes [ D2, 0F, 84, 7C, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + A7 7C91BC71 12 Bytes [ BF, 80, C0, 21, 91, 7C, 6B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + B4 7C91BC7E 14 Bytes [ 75, 0C, 6B, C9, 3C, 03, 4D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 77 7C91C2C4 17 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 89 7C91C2D6 1 Byte [ 03 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 8B 7C91C2D8 1 Byte [ 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 8D 7C91C2DA 8 Bytes [ 8D, 45, FC, 50, E8, 8D, 1D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 96 7C91C2E3 43 Bytes [ 85, C0, 8B, 45, 08, 8D, 50, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 11 7C91C5BC 42 Bytes [ FF, B8, A3, 00, 00, 00, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 3C 7C91C5E7 14 Bytes [ 89, 85, F4, FB, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 4B 7C91C5F6 14 Bytes [ 0F, BE, C3, 50, 8D, 85, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 5A 7C91C605 40 Bytes [ FF, FF, 50, 89, 8D, A0, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 83 7C91C62E 3 Bytes [ 85, FC, FB ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + 1C 7C91CC9F 28 Bytes [ 0F, 84, E3, 06, 00, 00, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + 39 7C91CCBC 4 Bytes [ 68, 16, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + 3E 7C91CCC1 171 Bytes [ F8, 3B, FB, 0F, 8C, 6D, 49, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + EA 7C91CD6D 22 Bytes [ 00, 38, 5D, 18, 0F, 85, 47, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + 101 7C91CD84 5 Bytes [ 89, 46, 28, 66, 89 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 135 7C91D5F2 8 Bytes [ 45, C4, 50, FF, 75, 18, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 13E 7C91D5FB 105 Bytes CALL 7C91D672 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 1A8 7C91D665 2 Bytes [ A4, 38 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 1AC 7C91D669 5 Bytes JMP 7C91CCD7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 1B3 7C91D670 205 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 63 7C91D73E 17 Bytes CALL 7C917FD7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 75 7C91D750 202 Bytes [ B9, FE, FF, 00, 00, 3B, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 140 7C91D81B 238 Bytes [ EC, 10, 53, 56, 8B, 75, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 22F 7C91D90A 12 Bytes [ 83, 7D, B4, 00, 66, 8B, 0E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 23C 7C91D917 13 Bytes [ 66, 85, FF, 77, B9, EB, CA, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpEnsureBufferSize + 8 7C91E26F 5 Bytes CALL 7C91E281 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpEnsureBufferSize + E 7C91E275 12 Bytes [ C0, 7D, D3, 5D, C2, 10, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpEnsureBufferSize + 1B 7C91E282 108 Bytes [ FF, 55, 8B, EC, 51, 51, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpEnsureBufferSize + 88 7C91E2EF 55 Bytes [ 6A, 00, 57, 53, FF, 75, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplaying + 34 7C91E328 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRealSuccessor + 1 7C91E32C 4 Bytes [ EC, 83, EC, 3C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRealSuccessor + 6 7C91E331 71 Bytes [ 45, 14, 33, C9, 3B, C1, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsGenericTableEmpty + D 7C91E379 26 Bytes [ 84, 2F, 03, 00, 00, 3B, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsGenericTableEmpty + 28 7C91E394 86 Bytes [ 3E, FE, FF, 64, A1, 18, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageBuffer + 3C 7C91E3EB 3 Bytes [ EC, 8D, 44 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageBuffer + 40 7C91E3EF 122 Bytes [ 02, 3D, FE, FF, 00, 00, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + 5B 7C91E46A 9 Bytes [ FF, 8B, F8, 85, FF, 0F, 8C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + 65 7C91E474 57 Bytes [ 00, 8B, 45, EC, 8D, 48, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + 9F 7C91E4AE 47 Bytes [ 90, 90, 02, 00, 04, 00, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + D0 7C91E4DF 6 Bytes [ FF, 89, 45, FC, A1, 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + D7 7C91E4E6 45 Bytes [ 92, 7C, 89, 45, D4, 89, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + A 7C91E798 28 Bytes [ 6A, 00, FF, 70, 04, FF, B5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + 27 7C91E7B5 2 Bytes [ B5, EA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + 2B 7C91E7B9 33 Bytes [ FF, 36, FF, B5, EC, FD, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + 4D 7C91E7DB 14 Bytes [ 8B, 40, 0C, 8B, 50, 20, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + 5C 7C91E7EA 50 Bytes [ 51, 04, 89, 0A, 89, 48, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 24 7C91EA7F 23 Bytes [ 55, 14, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 3C 7C91EA97 1 Byte [ 4D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 3E 7C91EA99 4 Bytes [ 8B, C8, 81, E1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 43 7C91EA9E 50 Bytes [ 0F, 00, 00, 03, 4D, 08, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 77 7C91EAD2 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgPrintEx + 1 7C91EAD6 140 Bytes [ EC, 83, EC, 10, 53, 56, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateCaptureBuffer + B 7C91EB63 86 Bytes [ 45, FC, 39, 45, FC, 72, 9B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 1 7C91EBBA 4 Bytes [ 09, 8B, 7A, 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 6 7C91EBBF 21 Bytes [ 5A, 20, 03, DF, 89, 5D, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 1C 7C91EBD5 2 Bytes [ 7A, 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 1F 7C91EBD8 4 Bytes [ 5D, 94, 3B, DF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 25 7C91EBDE 20 Bytes [ 72, FC, FF, FF, 8B, 7A, 18, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 3 7C91FE08 32 Bytes [ 3D, FE, FF, 00, 00, 0F, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 24 7C91FE29 10 Bytes [ 07, 51, 0F, B7, 0E, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 2F 7C91FE34 10 Bytes [ 46, 04, 8D, 04, 48, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 3A 7C91FE3F 41 Bytes [ 66, 8B, 45, C4, 33, C9, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 64 7C91FE69 54 Bytes [ 04, 0F, 85, 56, 73, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + 41 7C9201E4 63 Bytes [ 0F, 84, F5, 5D, 02, 00, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + 81 7C920224 45 Bytes [ FF, 89, 85, 8C, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + AF 7C920252 28 Bytes [ 39, 9D, 88, FB, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + CC 7C92026F 62 Bytes [ 90, 53, 58, 53, 3A, 20, 41, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + 10C 7C9202AF 129 Bytes [ 00, 53, 58, 53, 3A, 20, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + 2 7C920331 12 Bytes [ FF, 3B, FB, 0F, 85, DC, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + F 7C92033E 22 Bytes CALL 7C92036F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + 26 7C920355 16 Bytes [ 3B, C3, 0F, 85, EE, 70, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + 39 7C920368 2 Bytes [ 28, 68 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + 3D 7C92036C 88 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!qsort + D 7C9203C5 30 Bytes [ 4F, 24, 89, 08, 33, D2, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!qsort + 2C 7C9203E4 75 Bytes CALL 7C910BB1 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!qsort + 78 7C920430 215 Bytes [ 89, 85, D4, FD, FF, FF, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpApplyLengthFunction + 52 7C920508 14 Bytes [ 85, E4, FD, FF, FF, 89, 13, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpApplyLengthFunction + 61 7C920517 8 Bytes [ 8B, 8D, DC, FD, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReadOutOfProcessMemoryStream + 1 7C920520 8 Bytes [ 85, D4, FD, FF, FF, 3B, C6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReadOutOfProcessMemoryStream + B 7C92052A 28 Bytes [ 8D, E4, FD, FF, FF, 89, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReadOutOfProcessMemoryStream + 28 7C920547 11 Bytes [ 0F, 85, 60, 58, 02, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReadOutOfProcessMemoryStream + 34 7C920553 135 Bytes CALL 7C910E55 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInterfaceMemoryStream + 3E 7C9205DB 40 Bytes [ 00, 8B, 45, 0C, 83, F8, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInterfaceMemoryStream + 69 7C920606 27 Bytes [ 39, 7E, 04, 0F, 84, B0, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInterfaceMemoryStream + 85 7C920622 31 Bytes [ 0F, 87, 36, 50, 02, 00, 64, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageMultiUnicodeStringsInPlace + 15 7C920642 17 Bytes [ D8, 3B, DF, 0F, 84, 1D, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageMultiUnicodeStringsInPlace + 27 7C920654 62 Bytes [ 8D, 7B, 10, 89, 7B, 08, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageMultiUnicodeStringsInPlace + 66 7C920693 43 Bytes [ 8B, 45, 08, 8B, 40, 08, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageMultiUnicodeStringsInPlace + 92 7C9206BF 64 Bytes [ 3B, F7, 0F, 85, AB, 4F, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageString + 12 7C920700 33 Bytes [ 45, 08, 48, 56, 8B, 75, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageString + 34 7C920722 26 Bytes [ 8B, 43, 04, 83, C4, 10, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageString + 50 7C92073E 21 Bytes [ 50, 38, 8D, 42, 10, 3D, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageString + 66 7C920754 107 Bytes [ 0F, B7, 4B, 0E, 3B, C1, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + 67 7C9207C0 81 Bytes CALL 7C91A9B8 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + B9 7C920812 49 Bytes [ 20, 23, 25, 49, 75, 0A, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + EB 7C920844 223 Bytes [ C4, 14, 8D, 85, D4, FB, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + 1CC 7C920925 39 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + 1F4 7C92094D 31 Bytes [ 45, 10, 89, 85, DC, FD, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessOutOfProcessResource + 2 7C92099A 44 Bytes [ FF, 89, BD, E4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessOutOfProcessResource + 2F 7C9209C7 12 Bytes [ FF, 0F, 84, C4, 4F, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitOutOfProcessMemoryStream + 2 7C9209D4 163 Bytes [ 0F, 84, B8, 4F, 02, 00, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStatMemoryStream + 43 7C920A78 76 Bytes [ BD, E4, FD, FF, FF, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 10 7C920AC5 7 Bytes [ 50, 57, 8D, 85, D4, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 18 7C920ACD 18 Bytes [ 50, FF, B5, F0, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 2B 7C920AE0 79 Bytes [ 84, C0, 0F, 84, 9E, 4D, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 7B 7C920B30 6 Bytes [ 85, 9C, FD, FF, FF, 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 83 7C920B38 21 Bytes [ 00, C7, 85, A8, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFinalReleaseOutOfProcessMemoryStream + 6F 7C920E8D 17 Bytes [ 0F, 85, DF, 69, 02, 00, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFinalReleaseOutOfProcessMemoryStream + 82 7C920EA0 73 Bytes [ 83, 7D, 14, 03, 0F, 85, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSplay + 32 7C920EEA 91 Bytes [ FF, 89, B5, B8, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + 2B 7C920F46 23 Bytes [ 89, B5, 9C, FE, FF, FF, C7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + 43 7C920F5E 5 Bytes [ FF, B8, 00, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + 49 7C920F64 80 Bytes [ 89, 85, 80, FE, FF, FF, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + 9A 7C920FB5 66 Bytes [ 85, B4, FE, FF, FF, 8D, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + DD 7C920FF8 57 Bytes [ 8D, BC, FE, FF, FF, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + 23 7C921032 72 Bytes [ 0F, 87, 62, 68, 02, 00, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + 6C 7C92107B 27 Bytes [ FF, 3B, B5, 9C, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + 88 7C921097 4 Bytes [ 84, 94, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + 8D 7C92109C 20 Bytes [ 89, B5, 98, FE, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + A2 7C9210B1 66 Bytes [ 83, A5, 94, FE, FF, FF, 01, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrClientConnectToServer + 44 7C92122B 147 Bytes [ 80, 0F, 84, 39, 65, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrClientConnectToServer + D8 7C9212BF 34 Bytes [ 55, 8B, EC, 51, 51, 56, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrClientConnectToServer + FB 7C9212E2 80 Bytes [ FF, 8B, 46, 04, 89, 06, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtVersionNumbers + 24 7C921333 29 Bytes [ EC, 8B, 45, 08, 56, 8D, 48, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtVersionNumbers + 42 7C921351 132 Bytes [ 85, EC, FB, FF, FF, 0A, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtVersionNumbers + C7 7C9213D6 1 Byte [ AF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtVersionNumbers + C9 7C9213D8 164 Bytes [ 53, 8B, 5D, 08, 03, F3, C7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumerateLoadedModules + 9B 7C921480 22 Bytes [ 90, 64, A1, 18, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeGenericTable + 6 7C921497 228 Bytes [ F2, 8D, 24, 24, 8A, 10, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 68 7C92157C 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 6E 7C921582 153 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 109 7C92161D 42 Bytes [ 00, 00, 00, C0, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 134 7C921648 30 Bytes [ F1, 75, 2F, 33, D2, 39, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 153 7C921667 6 Bytes [ 75, 0C, E8, EA, E4, FF ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTagHeap + 3C 7C922270 35 Bytes [ 00, 8B, 45, 0C, 89, 85, 48, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 1B 7C922294 11 Bytes [ 8D, 85, 4C, FF, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 28 7C9222A1 4 Bytes CALL 7C91FBB8 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 2D 7C9222A6 16 Bytes [ FF, FF, B5, 50, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 3E 7C9222B7 2 Bytes [ 3A, 0E ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 42 7C9222BB 96 Bytes [ 8B, 85, 50, FF, FF, FF, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + 6 7C92231C 7 Bytes [ 0D, 18, D0, 97, 7C, 89, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + E 7C922324 95 Bytes [ 45, 0C, 85, C0, 74, 08, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + 6E 7C922384 136 Bytes [ 45, E4, 50, 57, 57, 57, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + F7 7C92240D 3 Bytes [ 32, 18, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + FB 7C922411 7 Bytes [ 8B, F0, 3B, F3, 7C, 48, C6 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 1 7C9224DC 24 Bytes [ 5D, 10, 56, 8B, 72, 0C, 2B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 1A 7C9224F5 31 Bytes [ F3, A5, 8B, C8, 8B, 45, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 3A 7C922515 70 Bytes [ FF, 55, 8B, EC, 8B, 55, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 81 7C92255C 7 Bytes [ 4F, 18, 95, 7C, 4F, 18, 95 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 89 7C922564 7 Bytes [ 35, 0A, 92, 7C, D0, 18, 95 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + 12 7C922668 148 Bytes [ 48, 40, 89, 8D, 4C, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + A7 7C9226FD 146 Bytes [ 4D, 90, 83, F9, 18, 72, 0B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + 13A 7C922790 83 Bytes [ 6A, 20, 59, B8, 60, B2, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + 18F 7C9227E5 256 Bytes CALL 7C919A5A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + 291 7C9228E7 18 Bytes [ 01, 00, 56, 68, 02, 10, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyProcessParameters + 2 7C922DA6 11 Bytes [ 57, 57, 57, 66, C7, 85, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyProcessParameters + E 7C922DB2 73 Bytes [ 66, C7, 85, 02, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeNormalizeProcessParams + 31 7C922DFC 141 Bytes [ 44, FF, FF, FF, 50, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 12 7C922E8B 257 Bytes [ 00, 42, 61, 73, 65, 51, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 114 7C922F8D 8 Bytes [ 00, 00, 00, 5C, 00, 73, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 11D 7C922F96 19 Bytes [ 73, 00, 74, 00, 65, 00, 6D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 131 7C922FAA 17 Bytes [ 4B, 00, 6E, 00, 6F, 00, 77, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 143 7C922FBC 13 Bytes [ 00, 00, 00, 00, 4B, 00, 6E, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + 3A 7C923849 13 Bytes [ 85, 18, AF, 01, 00, 38, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + 48 7C923857 32 Bytes [ 8B, 4D, FC, 8A, 45, DB, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + 6A 7C923879 36 Bytes JMP 7C922303 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + 8F 7C92389E 25 Bytes [ 88, 5D, F4, 88, 5D, F5, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + AA 7C9238B9 32 Bytes [ 00, 12, 50, FF, 35, 34, B2, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 4 7C923946 11 Bytes [ 45, EC, 89, 45, B0, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 11 7C923953 1 Byte [ F0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 13 7C923955 21 Bytes [ 53, 53, 53, 53, 53, 53, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 29 7C92396B 259 Bytes [ 89, 5D, B4, 89, 5D, BC, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 12D 7C923A6F 13 Bytes [ 8B, 4D, FC, 5E, 5B, E8, DE, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHandleTable + 1E 7C923B43 43 Bytes [ 48, 08, 66, 83, 39, 00, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNumberGenericTableElements + 16 7C923B6F 176 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownProcess + 68 7C923C20 77 Bytes [ 30, 18, 89, 5D, 08, 76, 5C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownProcess + B6 7C923C6E 70 Bytes [ 0F, 84, 46, A6, 01, 00, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownProcess + FD 7C923CB5 87 Bytes [ 00, 00, 00, 2E, 74, 78, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteResource + 32 7C923D0D 29 Bytes [ 03, C7, 3B, 45, EC, 76, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + 18 7C923D2B 95 Bytes [ 1C, 33, D2, 5F, F7, F7, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + 78 7C923D8B 121 Bytes [ 00, 3B, 45, A4, 0F, 82, 32, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + F2 7C923E05 41 Bytes [ 48, 44, 85, C9, 74, 05, 2B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + 11C 7C923E2F 89 Bytes [ 0A, 85, C9, 74, 04, 2B, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + 177 7C923E8A 89 Bytes [ 00, 8B, 70, 30, 89, 75, C4, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + 68 7C924225 40 Bytes [ 5F, 02, 8B, 47, 04, 85, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + 91 7C92424E 109 Bytes [ 48, 04, 66, 8B, 0F, 66, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + FF 7C9242BC 6 Bytes [ 57, 0F, 85, C1, C5, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + 106 7C9242C3 16 Bytes [ 33, C9, 41, BA, 14, D0, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + 117 7C9242D4 36 Bytes [ 85, F6, 01, 00, 00, 8D, 85, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 46 7C924442 3 Bytes [ D4, 1A, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 4A 7C924446 1 Byte [ 85 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 4C 7C924448 19 Bytes [ 7C, 4F, 8D, 85, 60, FE, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 60 7C92445C 56 Bytes [ 50, 6A, 01, 8D, 85, 70, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 99 7C924495 7 Bytes [ E7, C2, 01, 00, 64, A1, 18 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wcslwr + 1C 7C924865 76 Bytes [ 85, D2, 75, C7, 33, C0, 5B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atol + 1C 7C9248B2 107 Bytes [ B7, CB, 8D, 04, 80, 8D, 44, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 12 7C92491E 25 Bytes [ 0F, 85, 14, FF, FF, FF, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 2C 7C924938 23 Bytes JMP 7C92275E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 44 7C924950 6 Bytes [ 00, 8D, 45, FC, 50, 8D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 4C 7C924958 31 Bytes [ 50, 6A, FF, C6, 05, F4, B1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 6C 7C924978 34 Bytes [ 8B, 45, DC, 66, 8B, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 2 7C924A21 35 Bytes CALL 7C9030F2 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 26 7C924A45 61 Bytes [ 8B, 47, 0C, 83, C0, 1C, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 64 7C924A83 21 Bytes [ 00, 00, 33, C0, 8D, 7D, A8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 7A 7C924A99 5 Bytes [ C7, 45, FC, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 80 7C924A9F 12 Bytes [ 00, 33, FF, 66, 39, 7E, 3A, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTable + 2 7C924C62 35 Bytes [ FF, 90, 90, 90, 90, 90, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTable + 28 7C924C88 160 Bytes [ 8A, 61, 93, 7C, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + 68 7C924D29 4 Bytes [ FF, 6A, 02, 89 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + 6D 7C924D2E 44 Bytes [ F4, 8D, 45, F4, 50, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + 9A 7C924D5B 21 Bytes [ 0D, E0, B0, 97, 7C, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + B0 7C924D71 30 Bytes [ 83, E3, 0F, 03, FB, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + CF 7C924D90 14 Bytes [ 0D, E0, B0, 97, 7C, 8B, F2, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + 13 7C924E98 188 Bytes [ 08, 0F, B7, 34, 71, 8B, DA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + D2 7C924F57 9 Bytes [ B7, 55, 18, 8B, 0D, E0, B0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + DC 7C924F61 100 Bytes [ F2, C1, EE, 08, 0F, B7, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + 141 7C924FC6 83 Bytes [ 8B, F2, C1, EE, 08, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + 195 7C92501A 240 Bytes JMP 7C9253A6 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + 37 7C925BDB 35 Bytes [ 70, 04, 85, F6, 89, 72, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + 5B 7C925BFF 55 Bytes [ FF, FF, 8B, 70, 04, 85, F6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + 93 7C925C37 17 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + A5 7C925C49 20 Bytes [ C0, 74, 07, 8B, 48, 08, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + BC 7C925C60 83 Bytes [ 8B, FF, 55, 8B, EC, 57, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + 52 7C925CB4 76 Bytes [ C0, 75, 26, 8B, 46, 08, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + 9F 7C925D01 29 Bytes [ 31, 0F, 85, EC, 7F, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + BE 7C925D20 157 Bytes [ EB, B4, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + 15C 7C925DBE 97 Bytes [ FF, 00, 00, 8B, 9D, 7C, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + 1BE 7C925E20 36 Bytes [ 00, 00, 8A, 51, 04, 80, FA, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + A 7C92640F 8 Bytes [ FF, 40, 33, FF, 39, BD, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + 14 7C926419 4 Bytes [ 8D, 85, F4, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + 19 7C92641E 6 Bytes [ FF, 89, 85, E4, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + 20 7C926425 4 Bytes [ 0F, 8D, 07, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + 26 7C92642B 7 Bytes CALL 8392642D
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetBits + 5B 7C926493 53 Bytes [ 8B, 01, 8B, 51, 04, 83, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetBits + 91 7C9264C9 6 Bytes [ 00, 83, 85, EC, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + 2 7C9264D0 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + 4 7C9264D2 5 Bytes [ 85, EC, FD, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + A 7C9264D8 2 Bytes [ 40, FC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + D 7C9264DB 54 Bytes [ C0, 74, 39, 8B, 48, 04, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + 44 7C926512 60 Bytes JMP 7C92676B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlClearBits + 30 7C9266D1 64 Bytes [ 8B, 85, EC, FD, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + 2B 7C926712 21 Bytes [ 01, 8C, 00, 00, F7, D8, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + 41 7C926728 58 Bytes [ 00, 83, A5, F0, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + 7C 7C926763 32 Bytes [ E4, FD, FF, FF, C6, 01, 30, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + 9D 7C926784 6 Bytes [ FF, 2B, 89, 85, D0, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + A4 7C92678B 90 Bytes JMP 7C926A8C C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + A 7C9269DB 10 Bytes [ 04, F6, C3, 20, 8B, 85, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + 15 7C9269E6 59 Bytes [ 85, 14, FD, FF, FF, F6, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + 51 7C926A22 15 Bytes [ FF, 01, 00, 00, 00, 8B, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + 61 7C926A32 7 Bytes [ 75, F3, 8B, 85, E8, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + 69 7C926A3A 60 Bytes CALL 02926A3C
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + 2 7C926A77 5 Bytes [ 00, 0F, 85, C2, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + 8 7C926A7D 5 Bytes [ FF, 8B, 9D, F0, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + F 7C926A84 7 Bytes [ F6, C3, 40, 0F, 85, AB, 88 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + 17 7C926A8C 40 Bytes [ 00, 8B, B5, CC, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + 40 7C926AB5 60 Bytes [ 85, DC, FD, FF, FF, 8D, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeString + 9B 7C926BFE 40 Bytes CALL 67167B06
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeString + C4 7C926C27 15 Bytes JMP 7C92693E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeString + D4 7C926C37 32 Bytes [ 8B, 85, CC, FD, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeString + F6 7C926C59 95 Bytes [ E2, FE, FF, FF, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + 39 7C926CB9 23 Bytes [ 4D, 98, F6, C1, 10, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + 51 7C926CD1 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + 53 7C926CD3 10 Bytes [ 0F, 85, 59, 44, 01, 00, 64, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + 5F 7C926CDF 117 Bytes [ 8B, 40, 30, F6, C1, 40, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + D5 7C926D55 41 Bytes [ 05, 00, F0, FE, FF, 89, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToOemN + 31 7C9270F9 71 Bytes [ 88, 00, 00, 00, 66, 89, 48, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToOemN + 79 7C927141 15 Bytes [ 04, 04, 04, 04, 04, 04, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToOemN + 89 7C927151 193 Bytes [ 03, 03, 03, 03, 03, 03, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + 29 7C927213 23 Bytes [ 01, 02, 01, 01, 01, 05, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + 41 7C92722B 4 Bytes [ 02, 02, 01, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + 46 7C927230 18 Bytes [ 03, 02, 01, 01, 02, 01, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + 59 7C927243 109 Bytes [ 04, 04, 04, 04, 04, 03, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + C7 7C9272B1 36 Bytes [ 01, 01, 01, 01, 01, 01, 01, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemToUnicodeN 7C92733C 335 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + 27 7C92748C 36 Bytes JMP 7C9273B3 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + 4C 7C9274B1 48 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + 7D 7C9274E2 46 Bytes [ F6, 46, 13, 01, 0F, 85, AD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + AC 7C927511 27 Bytes [ 00, 02, 0F, 84, AB, 29, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + C8 7C92752D 6 Bytes [ 50, 8B, 38, BB, 00, 80 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 52 7C9277EA 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 54 7C9277EC 5 Bytes [ 20, 00, 20, 00, 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 5A 7C9277F2 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 5C 7C9277F4 35 Bytes [ 20, 00, 20, 00, 20, 00, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 80 7C927818 9 Bytes [ 10, 00, 10, 00, 10, 00, 10, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + 12 7C927C4A 193 Bytes [ 00, 8B, 75, D8, 66, 39, 7E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + D4 7C927D0C 26 Bytes [ 1D, 34, 00, 00, 03, DF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + EF 7C927D27 3 Bytes [ 49, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + F3 7C927D2B 40 Bytes [ 66, 89, 01, FF, 45, F4, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + 11C 7C927D54 11 Bytes [ FF, 55, 8B, EC, 83, EC, 0C, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 4D 7C9284D7 17 Bytes [ 1C, 41, 33, C0, 5E, 5F, 5B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 60 7C9284EA 8 Bytes [ 00, 83, C8, 10, C1, E0, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 69 7C9284F3 34 Bytes CALL 7C9142F0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 8C 7C928516 5 Bytes [ 00, 00, E9, C6, 27 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 92 7C92851C 14 Bytes CALL 7C9142F0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionGuid + 46 7C928D34 5 Bytes [ 75, 08, E8, 24, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionGuid + 4D 7C928D3B 21 Bytes [ 8B, D8, 68, 20, B4, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionGuid + 64 7C928D52 322 Bytes [ 5E, 8B, C3, 5B, C9, C2, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID 7C928E96 15 Bytes [ 90, 90, 90, 8D, 45, D0, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID + 10 7C928EA6 24 Bytes [ 00, 00, 83, B8, 9C, 0F, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID + 29 7C928EBF 74 Bytes [ EC, 51, 51, 64, A1, 18, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID + 74 7C928F0A 20 Bytes [ FF, 55, 8B, EC, 51, 51, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID + 89 7C928F1F 50 Bytes [ 7D, 0C, 8B, 75, 10, B8, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + 9 7C929054 68 Bytes [ 1A, 89, 18, 89, 50, 04, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + 4E 7C929099 5 Bytes [ 51, 04, 8D, 70, D0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + 54 7C92909F 2 Bytes [ 40, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + 57 7C9290A2 136 Bytes [ 00, F6, 46, 10, 08, 75, 3C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + E0 7C92912B 50 Bytes [ 00, 33, D2, 39, 13, 75, 65, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeSize + 4 7C92937E 27 Bytes [ 45, 08, 83, C0, 04, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeSize + 20 7C92939A 70 Bytes [ 0C, 33, C0, F7, C3, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + 1D 7C9293E1 104 Bytes [ 0C, 0F, 87, 97, F7, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + 86 7C92944A 118 Bytes [ 0F, 84, 6E, F6, 01, 00, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + FD 7C9294C1 107 Bytes [ 39, 3E, 0F, 84, 6C, F7, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + 169 7C92952D 113 Bytes [ EC, 8D, 45, 0C, 50, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + 1DB 7C92959F 61 Bytes CALL 7C90F8E3 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 19 7C92979F 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 1B 7C9297A1 7 Bytes [ 85, F4, FD, FF, FF, 3D, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 23 7C9297A9 14 Bytes [ 00, 00, 0F, 83, AF, 0F, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 32 7C9297B8 24 Bytes [ FF, 0F, B7, 03, 8B, 4C, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 4B 7C9297D1 13 Bytes [ F6, C4, 08, 0F, 84, D6, 18, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtOpenKey + 52 7C929899 45 Bytes [ 89, 55, D4, 89, 4D, B4, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtOpenKey + 80 7C9298C7 39 Bytes [ 8B, 02, 89, 45, BC, 83, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtOpenKey + A8 7C9298EF 31 Bytes [ 0F, 85, 71, 01, 00, 00, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtOpenKey + C8 7C92990F 34 Bytes JMP 7C91A03F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMakeSelfRelativeSD + 3 7C929932 95 Bytes [ D4, 85, C0, 0F, 85, D9, 06, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMakeSelfRelativeSD + 63 7C929992 19 Bytes [ C8, 83, C0, 40, 3B, C1, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMakeSelfRelativeSD + 77 7C9299A6 63 Bytes JMP 7C9161C5 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMakeSelfRelativeSD + B7 7C9299E6 142 Bytes [ 74, 09, 0F, BE, 81, 28, 0B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAdjustPrivilege + 28 7C929A75 108 Bytes [ 0F, B6, C4, 0F, BE, 80, 28, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAdjustPrivilege + 95 7C929AE2 3 Bytes [ 75, 18, 88 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAdjustPrivilege + 99 7C929AE6 21 Bytes [ 13, 0F, B7, 0B, 03, CA, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + 2 7C929AFC 18 Bytes [ 39, 46, 04, 0F, 84, 20, 17, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + 15 7C929B0F 4 Bytes [ 83, 5C, 4D, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + 1A 7C929B14 76 Bytes [ 0F, B6, 43, 07, 8B, 44, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + 67 7C929B61 124 Bytes JMP 7C92B401 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + E5 7C929BDF 30 Bytes [ 94, 8B, 06, 89, 45, 90, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 7A 7C929E01 25 Bytes [ 53, 14, 85, D2, 0F, 84, 1F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 94 7C929E1B 10 Bytes [ 32, C0, 84, C0, 57, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 9F 7C929E26 115 Bytes [ F6, 43, 10, 01, 0F, 84, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 113 7C929E9A 17 Bytes [ EC, 56, 8B, 75, 0C, 6A, 4E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 125 7C929EAC 26 Bytes [ FF, 15, 90, 04, 91, 7C, 85, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseResource + 1A 7C929F7E 76 Bytes [ 53, 57, 56, 8D, 85, C0, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceShared + 2C 7C929FCB 3 Bytes [ D5, 70, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceShared + 30 7C929FCF 58 Bytes [ 8B, F0, 3B, F3, 0F, 84, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMapGenericMask + 2D 7C92A00A 60 Bytes [ B7, 08, 83, C7, 02, D1, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCriticalSectionSpinCount 7C92A047 33 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCriticalSectionSpinCount + 22 7C92A069 29 Bytes [ 5D, D0, 89, 5D, D4, 89, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceExclusive + 12 7C92A088 84 Bytes [ E0, 89, 5D, B4, 89, 5D, B8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceExclusive + 67 7C92A0DD 5 Bytes [ 00, 39, 5D, F8, 57 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceExclusive + 6E 7C92A0E4 38 Bytes [ 92, CF, 00, 00, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceExclusive + 95 7C92A10B 82 Bytes CALL C4BA1538
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1980 + 1A 7C92A15E 232 Bytes [ 0F, 94, C2, 03, 55, E0, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteSecurityObject + 84 7C92A247 69 Bytes [ 00, 8B, 45, C8, 8B, 4D, C4, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + 41 7C92A28D 102 Bytes [ 66, 3D, FF, FE, 0F, 84, E1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + A9 7C92A2F5 10 Bytes [ 8A, 0E, 8A, 17, 46, 47, 3A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + B4 7C92A300 20 Bytes CALL 64A31904
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + CA 7C92A316 53 Bytes [ 00, 3A, C3, 0F, 85, AF, A2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + 100 7C92A34C 253 Bytes [ 0F, 84, 00, CD, 00, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + CB 7C92A8F1 35 Bytes [ CA, 8B, 5D, 14, 89, 0B, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + EF 7C92A915 76 Bytes [ 4D, 24, 89, 01, 0F, 85, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + 13C 7C92A962 59 Bytes [ F0, 8B, 4D, F8, 8B, 75, F4, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + 178 7C92A99E 15 Bytes [ 42, 14, 0F, 87, 16, 66, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + 188 7C92A9AE 82 Bytes [ C9, 0F, 86, D5, 19, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + A 7C92ABAF 14 Bytes [ 8B, 40, 24, 6A, 40, 89, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + 19 7C92ABBE 2 Bytes [ BD, 7C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + 1E 7C92ABC3 54 Bytes [ F3, AB, 6A, 40, 59, 8D, BD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + 55 7C92ABFA 6 Bytes [ 50, 6A, FF, FF, B5, 7C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + 5C 7C92AC01 42 Bytes [ FF, FF, 89, 75, D4, E8, FE, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + 23 7C92AE60 74 Bytes JMP 7C92A764 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + 6E 7C92AEAB 88 Bytes [ 00, 8B, C1, 89, 75, FC, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + C7 7C92AF04 91 Bytes [ FF, 55, 8B, EC, 6A, 00, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + 124 7C92AF61 15 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + 134 7C92AF71 47 Bytes [ FD, FF, 8B, 46, 28, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStartRXact + 1A 7C92B14A 16 Bytes [ 45, 08, 6A, 17, FF, 35, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStartRXact + 2B 7C92B15B 52 Bytes CALL 7C9040A6 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAbortRXact + D 7C92B190 42 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAbortRXact + 39 7C92B1BC 1 Byte [ 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1970 + 5 7C92B1C8 119 Bytes [ 64, A1, 18, 00, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1970 + 7D 7C92B240 60 Bytes JMP 7C92BD6B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1970 + BA 7C92B27D 3 Bytes [ 94, 97, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1970 + BE 7C92B281 93 Bytes JMP 7C92A8EE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + 44 7C92B2DF 55 Bytes [ CF, FD, FF, FF, 01, 8B, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + 7C 7C92B317 10 Bytes JMP 7C92BA1E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + 87 7C92B322 42 Bytes [ 83, D4, 8B, FE, FF, 66, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + B2 7C92B34D 65 Bytes JMP 7C90FCBD C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + F4 7C92B38F 3 Bytes [ 10, 77, FE ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetGroupSecurityDescriptor + 16 7C92B40D 30 Bytes [ 4A, 04, 89, 8D, BC, FE, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetGroupSecurityDescriptor + 35 7C92B42C 10 Bytes [ F6, 46, D3, E6, 89, B5, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualDomainName + 1 7C92B437 83 Bytes [ 4D, 08, 8D, B4, 08, 58, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualDomainName + 55 7C92B48B 24 Bytes [ 8A, 0E, 0B, C8, 88, 0E, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeOemString + 11 7C92B4A4 74 Bytes [ 83, E1, 07, 33, D2, 42, D3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeOemString + 5D 7C92B4F0 96 Bytes [ 8B, 46, 04, 0F, B7, 00, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + 1 7C92B551 11 Bytes [ 4C, 8F, 58, 89, 71, 38, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + D 7C92B55D 51 Bytes [ F8, 24, F8, 66, 89, 0E, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + 41 7C92B591 16 Bytes [ 3B, C8, 0F, 84, 1C, 62, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + 52 7C92B5A2 23 Bytes [ 86, 0E, 62, FE, FF, 8B, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + 6A 7C92B5BA 53 Bytes [ A6, FB, FE, FF, 0F, B7, 0E, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN 7C92BD75 7 Bytes [ 90, 90, 8B, FF, 55, 8B, EC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN + 8 7C92BD7D 21 Bytes [ 55, 08, 33, C0, 39, 12, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN + 1E 7C92BD93 12 Bytes [ 03, 42, 08, 5D, C2, 04, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN + 2B 7C92BDA0 88 Bytes [ FF, 55, 8B, EC, 8B, 55, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN + 84 7C92BDF9 103 Bytes [ 7D, 14, 57, 56, 53, FF, 75, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 52 7C92C0EB 5 Bytes [ 00, 50, E8, B5, CE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 58 7C92C0F1 53 Bytes [ FF, 03, C7, 13, D3, 89, 86, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 8E 7C92C127 2 Bytes [ 5D, C2 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 91 7C92C12A 106 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + FD 7C92C196 6 Bytes [ 64, A1, 18, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlClearAllBits + 2 7C92C19D 26 Bytes [ 76, 0C, 8B, 40, 30, 6A, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlClearAllBits + 1E 7C92C1B9 20 Bytes [ 5E, 5D, C2, 04, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 2 7C92C1CE 20 Bytes [ 35, 84, A7, 92, 7C, FF, 35, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 17 7C92C1E3 16 Bytes [ 8B, 0D, 08, B2, 92, 7C, 2B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 28 7C92C1F4 3 Bytes [ 85, 5B, F1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 2D 7C92C1F9 25 Bytes [ 8B, 4D, 0C, 89, 01, B0, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 47 7C92C213 44 Bytes [ 5D, C3, 8A, 06, 46, 3C, 78, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySecurityDescriptor 7C92C3B4 123 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySecurityDescriptor + 7C 7C92C430 37 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySecurityDescriptor + A2 7C92C456 9 Bytes [ 75, 0C, 8D, 45, F8, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySecurityDescriptor + AD 7C92C461 36 Bytes [ 85, C0, 7C, 19, 53, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 1A 7C92C486 9 Bytes [ 00, 8A, C3, 5B, C9, C2, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 27 7C92C493 44 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 54 7C92C4C0 2 Bytes [ EC, 53 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 57 7C92C4C3 9 Bytes [ 5D, 08, 85, DB, 74, 4D, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 62 7C92C4CE 91 Bytes [ 83, 7B, 04, 00, 56, 8D, 73, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isdigit + 13 7C92C88C 2 Bytes [ 50, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isdigit + 16 7C92C88F 87 Bytes [ 08, 8B, 32, 3B, 71, 04, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__isascii + 45 7C92C8E7 58 Bytes [ B7, D6, 8B, FA, C1, EF, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__isascii + 81 7C92C923 104 Bytes [ 0F, B7, 55, 18, 8B, 0D, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressA + 3B 7C92C98C 68 Bytes [ 03, F2, 66, 8B, 0C, 71, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressA + 80 7C92C9D1 276 Bytes [ 03, F2, 66, 8B, 0C, 71, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAddRefDll + 11 7C92CAE6 70 Bytes [ B0, 97, 7C, 8B, F2, C1, EE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAddRefDll + 58 7C92CB2D 124 Bytes [ 03, F3, 0F, B7, 34, 71, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSharedToExclusive + C 7C92CBAA 16 Bytes [ 00, 0F, B7, 55, 18, 8B, 0D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSharedToExclusive + 1D 7C92CBBB 135 Bytes [ B7, 34, 71, 8B, DA, C1, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 64 7C92CC44 11 Bytes [ 85, C0, 8B, 7D, 08, 89, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 70 7C92CC50 26 Bytes [ 00, 00, 83, 7D, 0C, 00, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 8B 7C92CC6B 134 Bytes [ 42, 83, 45, 14, 02, 0F, B6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 112 7C92CCF2 4 Bytes [ C2, 66, C1, E8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 117 7C92CCF7 34 Bytes [ 84, C0, 74, 0E, 8B, 4D, 0C, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 59 7C92CD89 2 Bytes [ 56, 57 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 5D 7C92CD8D 1 Byte [ F8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 5F 7C92CD8F 28 Bytes [ 85, B0, FE, FF, FF, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 7C 7C92CDAC 24 Bytes [ 55, 14, A1, F0, B1, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 95 7C92CDC5 18 Bytes [ 05, 00, 00, FF, 24, 8D, 30, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 20 7C92CF36 59 Bytes [ 4A, 66, 83, F9, 61, 89, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 5D 7C92CF73 3 Bytes [ 89, 4D, 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 61 7C92CF77 18 Bytes [ B7, 4D, 18, 8A, 0C, 01, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 74 7C92CF8A 22 Bytes [ 01, 8B, 15, EC, B1, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 8C 7C92CFA2 20 Bytes [ 89, 4D, 18, 0F, B7, 4D, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 10 7C92CFB7 79 Bytes [ B6, 0C, 01, 8B, 15, EC, B1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 60 7C92D007 17 Bytes [ 8A, 0C, 01, 8B, 55, 08, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 72 7C92D019 30 Bytes [ 15, EC, B1, 97, 7C, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 91 7C92D038 157 Bytes [ 01, 8B, 55, 08, 88, 4A, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 12F 7C92D0D6 2 Bytes [ 66, 89 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyString + 1F 7C92D1CD 33 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyString + 42 7C92D1F0 36 Bytes [ 7D, 18, 7A, 0F, 87, 4C, F9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + 1C 7C92D215 54 Bytes JMP 7C92D000 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + 53 7C92D24C 32 Bytes [ 87, 27, F9, FF, FF, 81, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + 74 7C92D26D 12 Bytes JMP 7C92CF73 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + 81 7C92D27A 99 Bytes [ 00, 8B, 48, 0C, 3B, CA, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + E6 7C92D2DF 62 Bytes [ 0C, 4A, 83, 45, 08, 10, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunEncodeUnicodeString + E 7C92D773 112 Bytes [ 8B, 4D, E0, 8B, 55, 18, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 31 7C92D7E4 48 Bytes [ 45, 14, 8B, 00, 0F, B6, 40, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 62 7C92D815 12 Bytes [ 85, DF, C0, 01, 00, 80, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 6F 7C92D822 14 Bytes [ 01, 00, 5B, 5F, 8B, C6, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 7E 7C92D831 20 Bytes JMP 7C92D4FB C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 93 7C92D846 23 Bytes JMP 7C92D5A3 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringExW + 3A 7C92D98C 62 Bytes CALL 7C92D89F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 1 7C92D9CB 66 Bytes [ 75, F8, 80, 3B, 2E, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 44 7C92DA0E 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 46 7C92DA10 16 Bytes JMP 7C92D97A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 57 7C92DA21 16 Bytes CALL 7C91EB0F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 68 7C92DA32 37 Bytes [ FF, 85, C0, 59, 74, 12, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue 7C92DAD3 79 Bytes [ 90, 90, 6A, 18, 68, 78, CB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue + 50 7C92DB23 2 Bytes [ 75, 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue + 53 7C92DB26 2 Bytes [ BD, 62 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue + 57 7C92DB2A 16 Bytes [ 84, C0, 0F, 84, 60, 98, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue + 68 7C92DB3B 142 Bytes [ 01, 00, 66, 83, 78, 38, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedAce + F 7C92DBCA 32 Bytes [ 8B, 40, 24, 89, 46, 2C, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedAce + 30 7C92DBEB 7 Bytes [ 11, 44, FD, FF, 83, 7E, 28 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedAce + 38 7C92DBF3 80 Bytes [ 75, 1C, 8B, 46, 1C, 83, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixString + 1F 7C92DC44 88 Bytes [ 00, 89, 45, DC, FF, B3, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itow + 1C 7C92DC9D 105 Bytes [ 7D, 08, 8B, 77, 14, E8, 35, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itow + 86 7C92DD07 90 Bytes [ 84, C0, 74, 10, 6A, 00, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itow + E1 7C92DD62 34 Bytes [ F7, 45, 22, FF, FF, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + 1C 7C92DD85 4 Bytes [ 3B, 66, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + 22 7C92DD8B 67 Bytes [ 89, 45, 08, 0F, 8C, D7, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + 67 7C92DDD0 3 Bytes [ 35, DD, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + 6B 7C92DDD4 147 Bytes [ 89, 4E, 38, 8B, 45, 18, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + FF 7C92DE68 49 Bytes [ 30, 5F, 5E, 83, 7D, FC, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserThread + 9A 7C92E004 37 Bytes [ 8B, 7D, 18, 8B, 5D, F0, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserThread + C0 7C92E02A 48 Bytes [ FD, FF, 8B, 45, EC, 80, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserThread + F3 7C92E05D 4 Bytes [ 85, 3A, A8, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserThread + F9 7C92E063 84 Bytes [ 45, E0, 3B, C3, 74, 15, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + F 7C92E0B8 48 Bytes [ 00, 8B, 45, 0C, 8B, 56, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + 41 7C92E0EA 39 Bytes [ 33, C0, 8B, 56, 14, 89, 42, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + 69 7C92E112 9 Bytes [ 00, 89, 41, 14, FF, B7, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + 73 7C92E11C 31 Bytes CALL 7C92BD0B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + 94 7C92E13D 8 Bytes [ 57, FF, 75, 0C, FF, B7, 1C, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 1D 7C92E58E 6 Bytes [ 4D, FC, FF, C7, 45, F8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 24 7C92E595 16 Bytes [ D8, 94, 11, 8D, 45, F8, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 35 7C92E5A6 1 Byte [ C0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 37 7C92E5A8 4 Bytes [ 8D, 1B, 5C, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 3C 7C92E5AD 11 Bytes JMP 7C94DF46 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + 14 7C92E642 2 Bytes JMP 6592E83F
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + 18 7C92E646 198 Bytes JMP 7C94DF35 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + DF 7C92E70D 20 Bytes [ 57, 8D, 46, 08, 50, 56, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + F4 7C92E722 2 Bytes [ F8, 85 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + F7 7C92E725 163 Bytes [ 0F, 8C, C0, 07, 02, 00, BA, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplyRXact + 28 7C92E831 156 Bytes JMP 7C936AFA C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddActionToRXact + 41 7C92E8CE 110 Bytes [ FB, 04, 0F, 85, 25, 82, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObject + 16 7C92E93D 14 Bytes [ 89, 38, 8B, 45, 14, 0F, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObject + 25 7C92E94C 90 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + 43 7C92E9A7 22 Bytes [ D0, 66, F3, A5, 33, C0, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + 5A 7C92E9BE 61 Bytes [ B8, 0D, 00, 00, C0, EB, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + 98 7C92E9FC 25 Bytes [ 04, 46, 5E, 5D, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + B2 7C92EA16 60 Bytes [ 25, 00, 75, 00, 00, 00, CC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + EF 7C92EA53 84 Bytes [ 0F, 84, CF, 3D, 01, 00, 3B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetProcessIsCritical + 18 7C92EB84 6 Bytes [ 0F, 85, 2C, CF, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetProcessIsCritical + 1F 7C92EB8B 11 Bytes [ C6, 5E, C9, C2, 04, 00, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetProcessIsCritical + 2B 7C92EB97 21 Bytes [ 68, C9, 7A, 92, 7C, FF, 35, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetProcessIsCritical + 41 7C92EBAD 43 Bytes JMP 7C94F03D C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadIsCritical + 19 7C92EBD9 5 Bytes CALL 7C9355E2 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadIsCritical + 1F 7C92EBDF 2 Bytes [ F0, 85 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadIsCritical + 22 7C92EBE2 72 Bytes [ 0F, 8D, 1F, FF, FF, FF, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + 2A 7C92EC2B 38 Bytes [ 45, 08, 8B, 4D, 0C, 8B, 51, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + 51 7C92EC52 24 Bytes [ 74, 1F, 8A, 06, 8A, 0A, 46, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + 6A 7C92EC6B 141 Bytes [ 81, C7, FF, FF, 00, 00, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + F8 7C92ECF9 25 Bytes [ 56, 6A, 10, 8D, 45, EC, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + 112 7C92ED13 80 Bytes [ FF, 81, 7D, F4, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFlushAlternateResourceModules + 42 7C92ED64 231 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + B 7C92EE4C 22 Bytes [ 8B, 40, 30, FF, 70, 08, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + 22 7C92EE63 24 Bytes [ 06, 8B, 48, 60, 89, 4D, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + 3B 7C92EE7C 30 Bytes [ 40, 30, 8B, 80, 08, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + 5A 7C92EE9B 5 Bytes [ 45, D0, 8D, 54, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + 60 7C92EEA1 42 Bytes [ 48, F7, D0, 23, D0, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + 13 7C92EECC 119 Bytes CALL 7C90DF4E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + 8B 7C92EF44 18 Bytes [ 8D, 45, F8, 50, 8D, 45, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + 9E 7C92EF57 74 Bytes [ 45, F8, 01, 46, 0C, 33, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + E9 7C92EFA2 106 Bytes [ 8B, 45, 2C, 89, 85, 00, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + 154 7C92F00D 12 Bytes [ 89, BD, F0, FC, FF, FF, 89, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + 2 7C92F2DF 112 Bytes [ 83, F8, 58, 0F, 8E, 8A, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + 73 7C92F350 117 Bytes [ 84, 38, 77, FF, FF, E9, 37, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + E9 7C92F3C6 67 Bytes [ 75, DA, 33, C0, 33, D2, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + 3C 7C92F40A 13 Bytes JMP 7C935D39 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + 4A 7C92F418 53 Bytes [ 68, 00, 00, 8B, 45, 0C, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + 80 7C92F44E 37 Bytes CALL 7C9030F2 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + A6 7C92F474 7 Bytes [ C7, 89, 45, FC, 0F, 85, 0A ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + AE 7C92F47C 27 Bytes JMP 7C94BBFC C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 33 7C92FAE3 28 Bytes [ 8D, 45, F8, 50, FF, 75, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 50 7C92FB00 18 Bytes [ 39, 1E, 0F, 8C, 97, 95, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 63 7C92FB13 10 Bytes [ 47, 04, 89, 45, 10, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 6E 7C92FB1E 6 Bytes [ 75, 0C, E8, 07, 97, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 75 7C92FB25 74 Bytes [ 84, C0, 0F, 84, 7A, 95, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + 9 7C92FB70 98 Bytes [ EC, 56, 8B, 75, 0C, 33, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + 6C 7C92FBD3 69 Bytes [ 64, A1, 18, 00, 00, 00, 38, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + B3 7C92FC1A 21 Bytes [ FF, 7F, 33, D2, F7, F6, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + C9 7C92FC30 21 Bytes [ C0, 75, F6, 8B, C7, 2B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + DF 7C92FC46 11 Bytes [ 72, 0C, FF, 75, 14, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 45 7C92FE5F 22 Bytes [ 75, 0C, FF, 75, 08, E8, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 5C 7C92FE76 7 Bytes CALL 7C90E5F0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 64 7C92FE7E 3 Bytes [ DB, 7C, 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 68 7C92FE82 11 Bytes [ 75, 1C, FF, 75, FC, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 74 7C92FE8E 114 Bytes CALL 7C92F923 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAuditAccessAce + 1D 7C93001A 195 Bytes [ FF, 8B, D8, 85, DB, 0F, 8C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 86 7C9300DF 53 Bytes [ 88, 48, 01, 8B, 4D, 18, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + BC 7C930115 13 Bytes JMP 7C9213EA C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + CA 7C930123 22 Bytes [ F8, 57, 53, FF, 55, 14, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + E1 7C93013A 69 Bytes [ CB, 2B, CF, 89, 55, FC, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeGenericTableAvl + 1F 7C930180 83 Bytes [ CF, 2B, CE, 89, 55, FC, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + 3D 7C9301D4 69 Bytes [ 83, C4, 08, 85, C0, 7E, ED, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + 83 7C93021A 18 Bytes [ C4, 08, 85, C0, 7F, BF, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + 96 7C93022D 57 Bytes [ 8D, 24, 24, 2B, 75, 10, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + D0 7C930267 5 Bytes [ 89, 94, 8D, 00, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + D6 7C93026D 37 Bytes [ FF, 41, 89, 4D, F0, 3B, C6, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + 24 7C9302D7 144 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + B6 7C930369 52 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + EB 7C93039E 1 Byte [ 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + ED 7C9303A0 23 Bytes [ 00, FF, 75, 08, 8D, 45, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + 105 7C9303B8 17 Bytes [ 8B, 4D, 14, 3B, CE, 5E, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnlockBootStatusData 7C9303CB 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnlockBootStatusData + 4 7C9303CF 106 Bytes [ FF, 55, 8B, EC, 83, EC, 3C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 29 7C93043A 8 Bytes [ F0, 53, 8B, 5D, 10, 83, C7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 32 7C930443 22 Bytes [ 45, F4, 8B, 0B, 85, C9, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 49 7C93045A 6 Bytes [ A8, 03, 0F, 85, 52, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 51 7C930462 39 Bytes [ 8B, 4B, 04, F6, C1, 01, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 79 7C93048A 36 Bytes [ 45, 0C, FF, 45, 0C, 83, F8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + 5 7C930580 31 Bytes [ 83, E0, F8, 8D, 51, 02, 2B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + 25 7C9305A0 184 Bytes [ CA, 8B, 55, 08, 83, E1, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + DF 7C93065A 84 Bytes [ FF, 8B, 45, 08, 5F, 5E, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + 134 7C9306AF 55 Bytes [ CB, B8, 01, 00, 53, 33, DB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + 16C 7C9306E7 60 Bytes CALL CD9306E9
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrVerifyImageMatchesChecksum + 15 7C930A21 73 Bytes [ 84, C0, 0F, 85, 24, E8, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrVerifyImageMatchesChecksum + 5F 7C930A6B 72 Bytes JMP 7C930627 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrVerifyImageMatchesChecksum + A8 7C930AB4 201 Bytes [ EC, 8B, 45, 0C, 0F, B7, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + 45 7C930B7F 32 Bytes [ 10, 8D, 45, E0, 50, C7, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + 66 7C930BA0 55 Bytes [ 4D, E4, 0F, 88, 5E, F4, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + 9E 7C930BD8 45 Bytes [ C7, 8D, 48, 01, 8A, 10, 40, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + CC 7C930C06 80 Bytes [ B5, CC, FD, FF, FF, B8, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + 11E 7C930C58 24 Bytes [ 00, 8B, 40, 30, 80, 78, 02, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 2 7C930EA5 49 Bytes [ C0, 00, 00, 00, 89, 9D, 30, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 34 7C930ED7 29 Bytes [ C3, FF, B5, 78, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 53 7C930EF6 32 Bytes [ 0F, 84, A9, 77, 01, 00, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 74 7C930F17 5 Bytes [ 50, FF, B5, 78, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 7A 7C930F1D 11 Bytes CALL 7C92A785 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWriteRegistryValue + 11 7C930F81 43 Bytes [ 85, C0, 0F, 8D, EF, 77, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWriteRegistryValue + 3D 7C930FAD 7 Bytes [ 00, CC, CC, CC, CC, CC, CC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWriteRegistryValue + 45 7C930FB5 52 Bytes JMP 7C92A910 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 1E 7C930FEA 48 Bytes [ FF, 85, C0, 0F, 84, 49, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 4F 7C93101B 5 Bytes [ 14, FF, 75, 10, 50 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 55 7C931021 28 Bytes [ 75, 0C, FF, 75, 08, E8, CA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 72 7C93103E 1 Byte [ 45 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 74 7C931040 13 Bytes [ 74, 04, 83, 60, 20, 00, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 13 7C931295 30 Bytes [ 83, 7D, 08, 00, 0F, 84, 1E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 32 7C9312B4 9 Bytes [ FF, 55, 8B, EC, 81, EC, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 3C 7C9312BE 83 Bytes [ A1, C8, B0, 97, 7C, 56, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 90 7C931312 3 Bytes CALL 7C902294 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 94 7C931316 53 Bytes [ FD, FF, 6A, 20, 33, F6, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + 2 7C9315AC 12 Bytes [ FF, FF, 33, DB, 3B, C3, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + F 7C9315B9 3 Bytes [ 75, D0, 68 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + 13 7C9315BD 9 Bytes [ 00, 00, 01, 6A, 10, 53, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + 1D 7C9315C7 6 Bytes [ 0F, 00, 8D, 45, DC, 50 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + 24 7C9315CE 3 Bytes [ 8E, CB, FD ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 126 7C931B73 13 Bytes [ 0C, 03, C7, 5F, 5E, 5D, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 134 7C931B81 19 Bytes CALL 7C9138B5 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 148 7C931B95 3 Bytes [ 01, EB, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 14C 7C931B99 140 Bytes JMP 7C9222F5 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 1D9 7C931C26 18 Bytes [ 8B, 7B, 04, 0F, B7, CE, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 10 7C932700 8 Bytes [ 01, 00, 81, F9, E8, 03, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 19 7C932709 36 Bytes [ 83, 98, 21, 00, 00, 8B, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 3E 7C93272E 37 Bytes [ C9, 0F, 84, A8, C9, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 64 7C932754 17 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 76 7C932766 84 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 49 7C932FAD 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 4B 7C932FAF 2 Bytes [ BF, 17 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 4E 7C932FB2 26 Bytes [ 00, C0, 8B, 45, 0C, 8B, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 69 7C932FCD 7 Bytes [ 55, 8B, EC, 81, EC, B4, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 71 7C932FD5 30 Bytes [ 00, 53, 56, 33, F6, 89, 75, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 38 7C93323B 65 Bytes [ FF, 75, 14, 6A, 00, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 7B 7C93327E 140 Bytes [ 83, C8, 04, 09, 45, F4, C6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 108 7C93330B 56 Bytes [ 08, 00, 00, 00, 8D, 70, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 142 7C933345 65 Bytes [ 45, F8, 0F, B7, 40, 02, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 184 7C933387 132 Bytes [ 45, F4, 66, 09, 43, 02, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + 34 7C933466 3 Bytes [ A3, DA, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + 38 7C93346A 28 Bytes [ FF, 75, C0, 53, 57, E8, 99, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + 55 7C933487 24 Bytes [ 80, 7D, FE, 00, 74, 0F, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + 6E 7C9334A0 89 Bytes [ 4D, E0, 89, 08, 8B, C6, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + C8 7C9334FA 21 Bytes [ 00, FF, 75, 48, FF, 75, 44, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCharToInteger + 60 7C933BF0 107 Bytes [ FF, FF, F6, 47, 01, 01, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushEntrySList + 1B 7C933C5C 15 Bytes CALL 7C933D2B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushEntrySList + 2B 7C933C6C 9 Bytes [ 80, 7D, FF, 00, 75, 19, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushEntrySList + 35 7C933C76 78 Bytes [ 76, 13, 85, FF, 74, 0F, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPopEntrySList + 42 7C933CC5 229 Bytes [ 7D, 08, 8D, 77, 08, 1B, D2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + BB 7C933DAB 14 Bytes CALL 7C919271 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + CA 7C933DBA 10 Bytes [ 00, 00, 8B, 45, 1C, 83, A5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + D5 7C933DC5 6 Bytes [ 00, 85, C0, 89, 45, D4 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + DC 7C933DCC 18 Bytes [ 84, 2F, 53, 01, 00, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + EF 7C933DDF 36 Bytes [ 45, A4, C6, 07, 00, 74, 03, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + 35 7C934083 158 Bytes [ F6, 46, 01, 01, 0F, 85, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + D4 7C934122 6 Bytes [ 75, 08, 0F, B6, 0E, 89 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + DB 7C934129 61 Bytes [ EC, 0F, B6, 02, 8A, 98, A0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + 119 7C934167 119 Bytes [ B6, 42, 01, 8B, C8, F7, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + 191 7C9341DF 22 Bytes [ 33, D2, 8D, 48, 10, 42, F0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + 27 7C93438A 14 Bytes [ 56, 04, 89, 54, 8F, 1C, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + 37 7C93439A 23 Bytes [ FF, 47, 14, FF, 47, 18, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + 4F 7C9343B2 83 Bytes [ 00, 0F, 85, 00, 9D, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + A3 7C934406 3 Bytes [ D6, DC, FC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + A7 7C93440A 29 Bytes [ 5E, 8B, C7, 5F, 5D, C2, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + C 7C934706 6 Bytes JMP 7C91C1D7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + 13 7C93470D 110 Bytes CALL 7C90EFDE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + 83 7C93477D 95 Bytes [ 89, 5D, 0C, 0F, 85, 75, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + E3 7C9347DD 10 Bytes [ 8B, 45, AC, 85, C0, 0F, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + EE 7C9347E8 19 Bytes [ 83, 4D, F4, 04, 89, 45, F8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAtomTable + 2 7C9348EC 136 Bytes JMP 7C928967 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAtomTable + 8B 7C934975 78 Bytes [ 81, E1, FF, 03, FF, FF, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 37 7C9349C4 4 Bytes [ 89, 45, 80, 66 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 3C 7C9349C9 4 Bytes [ 80, C4, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 41 7C9349CE 88 Bytes [ 66, 3B, 05, CC, B0, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 9A 7C934A27 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 9D 7C934A2A 122 Bytes JMP 7C92AC6F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!VerSetConditionMask + 1C 7C934AA5 35 Bytes CALL 7C928F09 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 2 7C934AC9 54 Bytes JMP 7C929194 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 39 7C934B00 18 Bytes [ 0F, B7, 13, 03, D0, 89, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 4D 7C934B14 4 Bytes [ 89, 85, B8, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 52 7C934B19 34 Bytes [ FF, 0F, 87, AB, 89, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 76 7C934B3D 7 Bytes [ 0F, 85, B8, 01, 00, 00, BE ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstoul + 4 7C934D95 3 Bytes [ 8D, E4, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstoul + 8 7C934D99 11 Bytes [ FF, 66, 85, C9, 74, 10, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstoul + 15 7C934DA6 54 Bytes [ 74, 07, 66, C7, 00, 5C, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstoul + 4C 7C934DDD 31 Bytes [ 66, 89, 38, 2B, 85, F0, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + 1B 7C934DFD 15 Bytes [ 84, C0, 0F, 84, 0E, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + 2B 7C934E0D 17 Bytes [ D4, FD, FF, FF, 50, 57, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + 3D 7C934E1F 6 Bytes [ FF, B5, C8, FD, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + 44 7C934E26 113 Bytes [ B5, C0, FD, FF, FF, FF, B5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + B6 7C934E98 9 Bytes [ FA, 2E, 75, E5, 83, A5, CC, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + 16 7C934ECF 4 Bytes [ C1, D1, E8, 8D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + 1B 7C934ED4 96 Bytes [ 46, EB, 34, 3B, CE, 0F, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + 7C 7C934F35 3 Bytes [ 0A, FC, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + 80 7C934F39 71 Bytes [ FF, B5, C4, FD, FF, FF, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + C8 7C934F81 4 Bytes JMP 7C934E60 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + D2 7C9350CB 86 Bytes [ C2, 08, 00, 90, 90, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + 129 7C935122 59 Bytes [ EC, 56, 8B, 75, 08, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + 165 7C93515E 46 Bytes [ E1, F9, FF, FF, F6, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + 194 7C93518D 81 Bytes [ 82, 00, 00, 0F, B7, 0B, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + 1E7 7C9351E0 74 Bytes JMP C6B7D54B
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + 2 7C935426 60 Bytes [ FF, FF, AD, DD, 94, 7C, B6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + 3F 7C935463 61 Bytes JMP 7C913CD8 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + 7D 7C9354A1 57 Bytes [ FF, 89, 45, CC, 3B, C3, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + B7 7C9354DB 50 Bytes [ 1F, 00, 8D, 77, 04, 56, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + EA 7C93550E 156 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + 2 7C9356F0 48 Bytes JMP 7C928D48 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + 33 7C935721 50 Bytes CALL 7C929438 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + 66 7C935754 14 Bytes [ 00, 39, 7D, D8, 0F, 84, DD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + 75 7C935763 87 Bytes [ 00, C0, 68, 41, 74, 6D, 41, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + CE 7C9357BC 2 Bytes [ 43, 04 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + 2B 7C935A8F 101 Bytes [ 65, 14, 07, 33, C0, 39, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + 91 7C935AF5 29 Bytes [ 57, 6A, 47, 59, 33, C0, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + B0 7C935B14 19 Bytes CALL 7C91A64B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + C5 7C935B29 3 Bytes [ 68, 96, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + C9 7C935B2D 15 Bytes [ 66, 8B, 86, 18, 01, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + 17 7C9361BE 100 Bytes JMP 708BECC5
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + 7C 7C936223 31 Bytes CALL 7C91CBC7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + 9D 7C936244 11 Bytes [ 25, 00, 25, 00, 25, 00, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + A9 7C936250 64 Bytes [ 0F, B7, 4F, E4, 0F, B6, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + EA 7C936291 33 Bytes [ EB, D8, 83, 7D, 1C, 01, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + 10 7C93685A 36 Bytes [ 89, 50, 38, 8A, 51, 1B, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + 35 7C93687F 61 Bytes [ FF, 0F, B6, D2, 66, 8B, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + 73 7C9368BD 59 Bytes [ 3A, EB, 86, 8A, 51, 1F, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + AF 7C9368F9 7 Bytes [ 00, 3B, D6, 0F, 85, F0, F3 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + B7 7C936901 25 Bytes [ 00, 8D, 81, F8, 01, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExW + 2 7C936B71 8 Bytes JMP 7C91CA9C C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExW + B 7C936B7A 86 Bytes JMP 7C9196AB C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExW + 62 7C936BD1 7 Bytes [ FF, 20, 89, B5, D8, FB, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExW + 6A 7C936BD9 92 Bytes [ 89, 85, B8, FB, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddVectoredExceptionHandler + 3C 7C936C36 73 Bytes [ 00, 89, 45, D4, 6A, 03, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + 1A 7C936C80 131 Bytes JMP 7C919FB0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + 9E 7C936D04 56 Bytes JMP 7C91A039 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + D7 7C936D3D 81 Bytes JMP 7C91799D C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + 129 7C936D8F 35 Bytes [ FF, 80, 3D, C4, B0, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + 14D 7C936DB3 12 Bytes [ FF, 70, 48, 8D, 45, C4, 50, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetHeapInformation + 19 7C937CCE 14 Bytes [ 8D, B0, 78, 01, 00, 00, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetHeapInformation + 29 7C937CDE 20 Bytes [ 74, 32, 0F, B7, C3, 50, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetHeapInformation + 3F 7C937CF4 61 Bytes [ 3B, F2, 74, 12, 8D, 42, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 2A 7C937D32 48 Bytes [ 8B, BB, 80, 05, 00, 00, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 5C 7C937D64 196 Bytes [ 80, 00, 0F, 85, 91, 93, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 122 7C937E2A 42 Bytes [ 83, 65, FC, 00, 8B, 75, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 14D 7C937E55 55 Bytes [ 85, C9, 0F, 84, 7A, 06, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 185 7C937E8D 10 Bytes [ 00, 0B, C8, 0B, DA, 89, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreAnyAccessesGranted + 1D 7C938111 9 Bytes [ B5, 74, FF, FF, FF, 8B, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreAnyAccessesGranted + 28 7C93811C 5 Bytes [ FF, 30, 56, 8B, D7 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + 1 7C938122 81 Bytes CALL 7C9385EF C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + 53 7C938174 118 Bytes [ 00, 00, 8B, 31, 8B, D7, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + CA 7C9381EB 10 Bytes [ E6, F8, FF, 07, 00, 03, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + D5 7C9381F6 14 Bytes [ FF, FF, 8D, 7E, 08, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + E4 7C938205 5 Bytes [ FF, 83, D2, FF, 25 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 52 7C946AB1 50 Bytes [ 65, 72, 73, 20, 41, 73, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 85 7C946AE4 444 Bytes [ 65, 72, 2D, 3E, 45, 6E, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 242 7C946CA1 340 Bytes [ 8B, 47, 04, 89, 41, 04, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 397 7C946DF6 69 Bytes [ 49, 6E, 74, 65, 72, 6E, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 3DD 7C946E3C 340 Bytes [ 69, 6E, 67, 2D, 3E, 4D, 61, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrIdentifyAlertableThread + 29 7C94FDD3 5 Bytes [ 00, E8, D7, 3C, FB ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrIdentifyAlertableThread + 2F 7C94FDD9 32 Bytes [ B0, 01, 8B, 7D, AC, E9, 7A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrSetPriorityClass + 14 7C94FDFA 39 Bytes [ 88, 00, 00, 00, 83, 65, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrSetPriorityClass + 3C 7C94FE22 56 Bytes [ 42, 50, EB, 64, F6, 41, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureTimeout + 21 7C94FE5B 108 Bytes [ 32, 8B, C6, 83, E0, FD, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrProbeForRead + D 7C94FEC8 56 Bytes [ C2, F0, 0F, B1, 3B, 3B, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConnectToDbg + 10 7C94FF01 14 Bytes [ 83, 42, 0C, 01, 8B, 4D, F4, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConnectToDbg + 1F 7C94FF10 73 Bytes JMP 7C938BE3 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiSetThreadDebugObject + 2 7C94FF5A 46 Bytes JMP 7C92BB0B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiWaitStateChange + 14 7C94FF89 57 Bytes JMP 7C92587F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiStopDebugging + 2 7C94FFC3 14 Bytes JMP 7C92EC98 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiStopDebugging + 11 7C94FFD2 91 Bytes CALL 7C97145F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiRemoteBreakin + 4B 7C95002E 4 Bytes [ 00, 00, 83, C8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiRemoteBreakin + 50 7C950033 118 Bytes JMP 7C925961 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiDebugActiveProcess + 28 7C9500AA 11 Bytes [ C7, 45, 10, 08, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiDebugActiveProcess + 34 7C9500B6 26 Bytes [ 75, 09, 3B, 45, F8, 0F, 86, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + D 7C9500D1 76 Bytes [ 7D, 08, 83, 65, FC, 00, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + 5A 7C95011E 29 Bytes JMP 7C935D83 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + 78 7C95013C 85 Bytes JMP 7C9261D2 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + CF 7C950193 17 Bytes [ 66, 3B, C1, 0F, 82, B3, 5A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + E1 7C9501A5 4 Bytes [ 00, B9, 66, 0A ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + 85 7C950433 46 Bytes [ 90, 48, 65, 61, 70, 46, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + B4 7C950462 52 Bytes [ 90, 90, 4C, 6F, 63, 61, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + E9 7C950497 33 Bytes [ 6F, 63, 00, 90, 90, 47, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + 10C 7C9504BA 312 Bytes [ 00, 00, A8, D3, 97, 7C, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + 246 7C9505F4 46 Bytes [ FF, 1F, 00, 00, FF, 3F, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + B 7C9506A6 56 Bytes [ 90, 90, 46, 72, 6F, 6E, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + 44 7C9506DF 72 Bytes [ 90, 4C, 6F, 63, 6B, 56, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + 8D 7C950728 117 Bytes [ 41, 6C, 6C, 6F, 63, 61, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + 103 7C95079E 6 Bytes [ 00, 90, 55, 6E, 75, 73 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + 10A 7C9507A5 52 Bytes [ 64, 55, 6E, 43, 6F, 6D, 6D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryProcessModuleInformation + 9 7C950C0A 125 Bytes [ 83, C4, 1C, 80, 7D, 0F, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrSetAppCompatDllRedirectionCallback + 67 7C950C88 6 Bytes [ CC, CC, CC, CC, CC, CC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout 7C950C91 141 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout + 8E 7C950D1F 12 Bytes [ 6F, 72, 20, 25, 77, 73, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout + 9B 7C950D2C 181 Bytes [ 6E, 20, 69, 6E, 20, 25, 77, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout + 152 7C950DE3 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout + 156 7C950DE7 7 Bytes [ FF, 55, 8B, EC, 81, EC, C8 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + 45 7C950ED7 88 Bytes CALL 7C965766 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + 9E 7C950F30 25 Bytes [ 05, 24, 0F, 00, 00, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + B9 7C950F4B 13 Bytes [ 00, 8B, 80, 24, 0F, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + C7 7C950F59 42 Bytes [ FF, 55, 8B, EC, 64, A1, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + F2 7C950F84 34 Bytes [ 75, 0C, 6A, 01, FF, B0, 24, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + 3B 7C951506 6 Bytes JMP 7C9515EB C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + 42 7C95150D 107 Bytes JMP 7C95143E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + AE 7C951579 60 Bytes [ 01, 00, 00, 00, EB, 15, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + EB 7C9515B6 97 Bytes [ 45, E0, 8B, 48, 28, 89, 41, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + 14D 7C951618 112 Bytes [ 39, 5D, D0, 75, 0D, 39, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSeekMemoryStream + 1E 7C9517FE 15 Bytes [ FF, 55, 8B, EC, 81, EC, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSeekMemoryStream + 30 7C951810 169 Bytes [ 56, 89, 45, FC, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyMemoryStreamTo + 5E 7C9518BA 18 Bytes [ 47, 1A, 33, C0, 8B, 4D, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCloneMemoryStream 7C9518D0 16 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDumpResource + 77 7C95196B 127 Bytes [ 0C, 8D, 51, 0C, 89, 16, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNotOwnerCriticalSection + 2B 7C9519EB 252 Bytes [ CA, 56, BE, 00, 28, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + 2E 7C951AE8 39 Bytes [ 75, 05, 8B, 75, D8, EB, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + 56 7C951B10 6 Bytes [ 00, 00, 8B, 4D, D0, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + 5D 7C951B17 53 Bytes [ D0, 85, C9, 75, 07, BE, 29, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + 93 7C951B4D 54 Bytes [ 45, E0, 85, C0, 7D, 13, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + CA 7C951B84 130 Bytes [ 45, E0, 85, C0, 0F, 8D, 78, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewInstanceSecurityObject + 2F 7C951CEB 94 Bytes [ 4D, 08, 8B, 01, 6A, 00, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + 18 7C951D4A 163 Bytes [ 00, 00, 00, 00, 4C, 44, 52, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + BC 7C951DEE 31 Bytes [ 00, 00, 8B, 70, 30, E8, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + DC 7C951E0E 49 Bytes [ C7, 00, 68, B1, 97, 7C, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + 10E 7C951E40 42 Bytes [ 45, FC, 7D, 06, 50, E8, 1E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + 139 7C951E6B 14 Bytes [ 00, 68, 00, 00, 01, 00, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertToAutoInheritSecurityObject 7C951E90 119 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 68 7C951F08 158 Bytes [ 8D, 04, 80, 8D, 44, 47, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 107 7C951FA7 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 10E 7C951FAE 40 Bytes [ 55, 8B, EC, 53, 33, DB, 38, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 137 7C951FD7 5 Bytes [ 75, 08, FF, 75, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 13D 7C951FDD 46 Bytes [ EF, 4F, 00, 00, F6, 46, 6B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + 50 7C9521F2 41 Bytes [ 75, 00, 74, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + 7A 7C95221C 23 Bytes [ 74, 00, 61, 00, 72, 00, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + 92 7C952234 7 Bytes [ 70, 00, 44, 00, 6C, 00, 6C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + 9A 7C95223C 7 Bytes [ 52, 00, 61, 00, 6E, 00, 67 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + A2 7C952244 5 Bytes [ 65, 00, 45, 00, 6E ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateQueryDebugBuffer + B 7C95274B 1 Byte [ 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateQueryDebugBuffer + D 7C95274D 107 Bytes [ 03, D0, 66, 89, 51, 02, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateQueryDebugBuffer + 7A 7C9527BA 78 Bytes [ 2E, 00, 4C, 00, 6F, 00, 63, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateQueryDebugBuffer + C9 7C952809 84 Bytes [ 41, 0C, EB, 06, 8B, 4D, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyQueryDebugBuffer + 36 7C95285E 7 Bytes [ 55, 8B, EC, 51, 8B, 45, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyQueryDebugBuffer + 3E 7C952866 20 Bytes [ 48, 0C, 8B, 40, 14, 56, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyQueryDebugBuffer + 53 7C95287B 12 Bytes [ EB, 03, 8B, 55, 10, 3B, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyQueryDebugBuffer + 60 7C952888 131 Bytes [ 0C, 53, 57, 8B, 38, 8D, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + 3 7C95290C 2 Bytes [ 48, 19 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + 8 7C952911 3 Bytes [ 2A, E2, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + C 7C952915 176 Bytes [ FF, 76, 24, 68, 68, 19, 95, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + BD 7C9529C6 96 Bytes [ 4D, 08, 81, F9, 78, B1, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + 11E 7C952A27 122 Bytes [ 5D, C2, 04, 00, 90, 4E, 54, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 8A 7C952B3B 159 Bytes [ 89, 45, 08, 74, 0C, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 12B 7C952BDC 62 Bytes [ 00, 8B, 75, 10, 6A, 01, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 16A 7C952C1B 40 Bytes [ 30, 66, 09, 46, 02, 83, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 193 7C952C44 44 Bytes [ 10, 33, C0, 8A, 43, 02, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 1C0 7C952C71 18 Bytes [ 7D, F0, 89, 46, 04, 33, C0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessLockInformation + 1D 7C952FFA 102 Bytes [ 6A, 02, 8D, 45, E4, 50, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessLockInformation + 84 7C953061 84 Bytes [ 18, 8D, 45, EC, 50, BF, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessLockInformation + D9 7C9530B6 162 Bytes [ 40, 30, 53, FF, 70, 18, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + 6 7C953159 111 Bytes [ FA, 09, 74, 30, 66, 83, FA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + 76 7C9531C9 5 Bytes [ B4, C6, 45, C3, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + 7C 7C9531CF 35 Bytes [ 45, FC, 3B, F8, 74, 21, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + A0 7C9531F3 40 Bytes [ C0, EB, 03, 8B, 5D, B8, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + CA 7C95321D 62 Bytes [ C0, 83, 4D, FC, FF, 8B, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop 7C9548B5 9 Bytes [ 90, 8B, FF, 55, 8B, EC, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop + A 7C9548BF 10 Bytes [ 10, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop + 15 7C9548CA 11 Bytes [ FF, 5D, C2, 0C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop + 21 7C9548D6 16 Bytes [ 55, 8B, EC, 6A, 2D, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop + 33 7C9548E8 64 Bytes [ FF, 5D, C2, 0C, 00, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZombifyActivationContext + 10 7C956285 12 Bytes CALL 7C91D02F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZombifyActivationContext + 1D 7C956292 3 Bytes [ 17, FF, 76 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZombifyActivationContext + 21 7C956296 48 Bytes [ 68, 5C, 54, 95, 7C, E8, 9F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + 1 7C9562C7 37 Bytes [ 7D, E0, 85, FF, 74, 67, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + 27 7C9562ED 42 Bytes [ 00, F6, 05, B8, E6, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + 52 7C956318 120 Bytes CALL 7C9557A9 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + CB 7C956391 65 Bytes [ 38, 45, E7, 0F, 94, C0, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + 10D 7C9563D3 21 Bytes [ 00, 5C, 00, 53, 00, 79, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 31 7C9578D0 362 Bytes [ 20, 73, 74, 72, 75, 63, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 19D 7C957A3C 16 Bytes [ 00, 00, 00, 00, 53, 58, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 1AE 7C957A4D 225 Bytes [ 6E, 64, 20, 61, 73, 73, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 290 7C957B2F 124 Bytes [ 65, 6E, 64, 69, 6E, 67, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 30E 7C957BAD 23 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertPropertyToVariant + 2C 7C957E8F 13 Bytes [ 55, 8B, EC, 83, EC, 10, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertPropertyToVariant + 3A 7C957E9D 113 Bytes [ 3B, C7, C7, 45, F4, E5, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PropertyLengthAsVariant + 14 7C957F0F 119 Bytes [ 00, 8B, 45, FC, 8B, 53, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PropertyLengthAsVariant + 8C 7C957F87 197 Bytes [ 8D, 04, 40, 8D, 14, C2, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUnicodeCallouts + BC 7C95804D 373 Bytes [ 4D, 14, 8B, 09, 03, F2, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgSetDebugFilterState + 5 7C9581CC 128 Bytes [ 81, EC, 40, 02, 00, 00, A1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindEntryForAddress + 2 7C95824D 278 Bytes [ FF, 89, BD, D4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 84 7C958364 154 Bytes [ 39, BD, E0, FD, FF, FF, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 11F 7C9583FF 251 Bytes [ 20, 73, 75, 62, 6B, 65, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 21B 7C9584FB 91 Bytes [ 55, 8B, EC, 53, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 277 7C958557 110 Bytes [ 00, 56, 00, 41, 00, 50, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 2E6 7C9585C6 84 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + 2 7C959010 12 Bytes [ FF, 8D, 45, 04, 8B, 40, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + F 7C95901D 9 Bytes [ 6A, 14, 59, 33, C0, 8D, BD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + 19 7C959027 20 Bytes [ FF, F3, AB, C7, 85, D0, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + 2E 7C95903C 8 Bytes [ FF, 8D, 85, D0, FC, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + 37 7C959045 30 Bytes [ F8, 8D, 85, 28, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 22 7C959740 18 Bytes [ 00, 00, 68, C8, 8A, 95, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 35 7C959753 1 Byte [ E4 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 37 7C959755 7 Bytes [ 75, 08, 89, B5, 20, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 3F 7C95975D 34 Bytes [ 8B, 45, 0C, 89, 85, 54, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 62 7C959780 35 Bytes [ A1, CE, B0, 97, 7C, 66, 3D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 2 7C959904 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 4 7C959906 19 Bytes [ BD, 38, FD, FF, FF, EB, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 18 7C95991A 232 Bytes CALL 7C9131DE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 102 7C959A04 65 Bytes CALL 7C913421 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 144 7C959A46 7 Bytes [ 83, 85, 64, FD, FF, FF, 08 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 29 7C959ADA 16 Bytes [ FF, 55, 8B, EC, 81, EC, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 3A 7C959AEB 113 Bytes [ 5D, 1C, 56, 8B, 75, 08, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + AC 7C959B5D 41 Bytes [ E1, 03, 85, DB, F3, A4, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + D6 7C959B87 153 Bytes [ EC, 18, 8B, 45, 0C, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 170 7C959C21 102 Bytes [ 45, FC, 8B, 45, 0C, 53, 56, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInitialize + 11 7C95A332 64 Bytes [ 8D, 85, 8C, FE, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + 34 7C95A373 179 Bytes CALL 7C902293 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + E8 7C95A427 18 Bytes [ DE, 8D, 85, A0, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + FB 7C95A43A 75 Bytes [ BD, 8C, FE, FF, FF, 8B, B5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + 147 7C95A486 12 Bytes [ FF, 74, 41, 8D, 45, C8, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + 154 7C95A493 47 Bytes CALL 7C902294 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInsertPrefix + 52 7C95A5D8 1 Byte [ 72 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInsertPrefix + 54 7C95A5DA 84 Bytes [ 6F, 00, 6C, 00, 5C, 00, 4E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInsertPrefix + A9 7C95A62F 15 Bytes [ A1, CC, B0, 97, 7C, 66, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInsertPrefix + B9 7C95A63F 83 Bytes [ 00, 8D, 4D, F0, 51, 50, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxFindPrefix + 2A 7C95A693 66 Bytes [ 4D, F8, 51, 50, 56, E8, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxFindPrefix + 6D 7C95A6D6 23 Bytes [ 04, B0, 01, EB, 17, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxFindPrefix + 85 7C95A6EE 17 Bytes [ 9F, FB, FF, FF, 5E, C9, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxFindPrefix + 97 7C95A700 73 Bytes [ EC, 8B, 45, 14, 99, 52, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 42 7C95A74A 8 Bytes [ 0C, 36, 89, 08, 8B, 53, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 4B 7C95A753 25 Bytes [ 18, 8B, 4D, 0C, 83, FE, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 65 7C95A76D 11 Bytes [ 59, 1E, 0F, B6, 58, 0E, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 71 7C95A779 19 Bytes [ 59, 1C, 0F, B6, 58, 0D, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetInformationAcl + 6 7C95A78D 45 Bytes [ 1C, 5A, 66, 89, 59, 18, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetInformationAcl + 34 7C95A7BB 49 Bytes [ 66, 8B, 1C, 5A, 66, 89, 59, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddCompoundAce + 1A 7C95A7ED 385 Bytes [ 1C, 5A, 66, 89, 59, 08, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddCompoundAce + 19C 7C95A96F 180 Bytes [ B7, 58, 02, 8A, 1C, 33, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedAceEx + D 7C95AA24 58 Bytes [ 46, 83, 45, 18, 02, 66, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAuditAccessAceEx + 24 7C95AA5F 111 Bytes [ 5F, 1B, C0, 25, 05, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedObjectAce + F 7C95AACF 121 Bytes [ 07, 00, 00, 8B, 55, 10, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAuditAccessObjectAce + 3B 7C95AB49 65 Bytes [ 5A, 89, 7D, 18, C1, EF, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAuditAccessObjectAce + 7D 7C95AB8B 37 Bytes [ 1C, 73, 05, 89, 55, 1C, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyAtomTable + F 7C95ABB1 270 Bytes [ 0F, B7, 1C, 5A, 89, 7D, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEmptyAtomTable + 47 7C95ACC0 246 Bytes [ 7E, 1C, 0F, B7, 14, 57, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPinAtomInAtomTable + 76 7C95ADB7 12 Bytes [ EB, EC, 0F, B7, 7D, 1C, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPinAtomInAtomTable + 83 7C95ADC4 71 Bytes [ DF, C1, EB, 08, 0F, B7, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + 13 7C95AE0C 54 Bytes [ 55, 1C, 73, 05, 89, 55, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + 4A 7C95AE43 66 Bytes [ B7, 1C, 5A, 8B, 7D, 18, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + 8D 7C95AE86 61 Bytes [ 08, 81, C2, E0, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + CB 7C95AEC4 4 Bytes [ 1C, 8A, 14, 02 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + D0 7C95AEC9 46 Bytes [ 7D, 0C, 88, 57, F8, 0F, B7, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeRangeList + 4 7C95B018 45 Bytes [ 7E, 1C, 0F, B7, 14, 57, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeRangeList + 32 7C95B046 213 Bytes [ DF, C1, EB, 08, 0F, B7, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + B 7C95B11C 109 Bytes [ DF, C1, EB, 08, 0F, B7, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + 79 7C95B18A 26 Bytes [ 08, 0F, B7, 1C, 5A, 89, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + 94 7C95B1A5 68 Bytes [ DF, 66, 8B, 14, 5A, 66, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + D9 7C95B1EA 1 Byte [ CA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + DC 7C95B1ED 29 Bytes [ 00, 83, 7D, 10, 00, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyRangeList + 3C 7C95B2B9 12 Bytes [ 4D, 14, 85, C9, 74, 08, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyRangeList + 49 7C95B2C6 202 Bytes [ 01, 8B, 45, FC, 39, 45, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyRangeList + 114 7C95B391 233 Bytes [ 27, 8B, 4E, 04, 83, C0, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + AB 7C95B47B 102 Bytes [ 3B, DA, 89, 5D, 08, 72, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + 112 7C95B4E2 45 Bytes [ 75, F8, 0F, B6, 34, 31, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + 140 7C95B510 30 Bytes [ 5C, 75, 3A, 83, 65, 08, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + 15F 7C95B52F 2 Bytes [ 55, F8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + 162 7C95B532 82 Bytes [ D2, 66, 39, 14, 4E, 0F, 95, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + E 7C95B761 71 Bytes [ 08, 80, 66, 03, 7F, 89, 46, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + 56 7C95B7A9 84 Bytes [ 04, 73, 07, B8, 23, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + AB 7C95B7FE 38 Bytes [ 7D, 08, 8A, 07, 3C, 04, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + D2 7C95B825 150 Bytes [ 03, 88, 4D, 1B, 57, E8, 7E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + 169 7C95B8BC 152 Bytes CALL 7C914149 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMergeRangeLists + A2 7C95BA28 35 Bytes [ 75, 0C, FF, 75, 08, E8, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMergeRangeLists + C6 7C95BA4C 26 Bytes [ 20, 00, 74, 04, 80, 4D, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRange + 1 7C95BA67 30 Bytes [ DC, FB, FF, 5D, C2, 1C, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRange + 21 7C95BA87 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRange + 24 7C95BA8A 1 Byte [ 14 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRange + 27 7C95BA8D 348 Bytes [ 10, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRange + F9 7C95BBEA 155 Bytes [ 7D, E0, 8B, C6, 89, 45, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteOwnersRanges + 58 7C95BC86 5 Bytes [ 5D, 08, 33, F6, 89 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteOwnersRanges + 5E 7C95BC8C 14 Bytes CALL 7C92934A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteOwnersRanges + 6D 7C95BC9B 198 Bytes JMP 7C95BD25 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInvertRangeList + 83 7C95BD62 97 Bytes [ 89, 7D, FC, C7, 45, E4, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInvertRangeList + E5 7C95BDC4 58 Bytes CALL 06760354
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySidAndAttributesArray + 2E 7C95BDFF 63 Bytes [ 45, 08, 33, C9, 89, 40, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySidAndAttributesArray + 6E 7C95BE3F 46 Bytes [ F3, 88, 55, 0F, 89, 5D, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualLuid + 9 7C95BE6E 1 Byte [ 51 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualLuid + B 7C95BE70 44 Bytes [ 3B, 50, 04, 77, 19, 72, 06, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyLuidAndAttributesArray + F 7C95BE9D 102 Bytes [ 01, 74, 54, 80, 48, 19, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 47 7C95BF04 30 Bytes [ 30, 89, 46, 04, 89, 02, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 66 7C95BF23 310 Bytes [ 41, 08, 8B, 49, 0C, 3B, 4F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 19D 7C95C05A 97 Bytes [ FF, 55, 8B, EC, 8B, 55, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 201 7C95C0BE 63 Bytes [ 0C, 89, 11, 56, 8B, 72, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 241 7C95C0FE 29 Bytes [ 4D, 10, 89, 01, B8, 1A, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSecurityDescriptorRMControl + 4 7C95C11C 14 Bytes [ 40, 10, 3B, 41, 0C, 74, 0A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSecurityDescriptorRMControl + 14 7C95C12C 121 Bytes [ 00, 8B, 41, 08, 53, 33, DB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMapSecurityErrorToNtStatus + 1 7C95C1A6 41 Bytes CALL 84D74AC7
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMapSecurityErrorToNtStatus + 2B 7C95C1D0 27 Bytes [ 8B, 40, 30, 6A, 28, 68, 52, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMapSecurityErrorToNtStatus + 48 7C95C1ED 198 Bytes [ 8B, 55, 08, 6A, 0A, 59, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + 24 7C95C2B4 20 Bytes [ 85, C0, 74, 25, 8B, 4E, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + 39 7C95C2C9 54 Bytes CALL 990E4FEA
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + 70 7C95C300 9 Bytes [ 08, 74, 20, 8B, 7D, 10, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + 7A 7C95C30A 95 Bytes [ 74, 1F, 83, 7E, 04, 00, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + DA 7C95C36A 17 Bytes [ 3B, CF, 72, 39, 77, 08, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + 7 7C95D266 17 Bytes [ 00, 01, 02, 03, 04, 05, 06, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + 19 7C95D278 74 Bytes [ 0E, 0E, 0E, 0E, 05, 0E, 0E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + 64 7C95D2C3 28 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + 81 7C95D2E0 93 Bytes [ 2C, 89, 5D, F4, 89, 5D, F0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + DF 7C95D33E 32 Bytes [ 18, 6A, 01, 6A, 10, 57, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeChar + B 7C95D519 144 Bytes [ 7D, FC, 02, 73, 1B, EB, A3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeSize + 1A 7C95D5AA 328 Bytes [ E4, 23, CF, 83, 65, E4, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToCountedOemString + 8D 7C95D6F3 40 Bytes CALL 7C933F60 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToCountedOemString + B6 7C95D71C 31 Bytes [ FF, FF, 75, EC, EB, 0C, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + 2 7C95D73C 12 Bytes JMP 7C95D604 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + F 7C95D749 30 Bytes [ FF, 55, 8B, EC, 81, EC, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + 2E 7C95D768 5 Bytes [ 45, 9C, 8B, 45, 1C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + 34 7C95D76E 29 Bytes [ 45, A4, 8B, 45, 20, 53, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + 52 7C95D78C 79 Bytes [ A8, 89, 55, B4, 89, 45, C0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualComputerName + 2 7C95D810 80 Bytes [ 01, 00, 00, 00, 74, 0C, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareString + 43 7C95D861 6 Bytes [ 51, 8D, 8D, 38, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareString + 4A 7C95D868 116 Bytes [ 51, 8D, 8D, 68, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpperString + 2C 7C95D8DD 140 Bytes [ 83, C6, 04, 8A, 03, 3C, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendStringToString + 15 7C95D96A 44 Bytes [ 74, 08, 89, 56, 04, 89, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendStringToString + 42 7C95D997 53 Bytes [ 65, A0, 00, 66, 83, 79, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + 24 7C95D9CD 45 Bytes [ 56, FC, 0B, 56, 04, 0B, 16, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + 53 7C95D9FC 161 Bytes [ 8B, 45, EC, 8A, 18, 80, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + F5 7C95DA9E 96 Bytes [ 98, EB, 05, 33, DB, 89, 55, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + 156 7C95DAFF 136 Bytes [ 45, DC, 0F, B7, 40, 02, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + 1DF 7C95DB88 46 Bytes [ 0F, 8C, 3E, FE, FF, FF, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + 16 7C95DC70 10 Bytes JMP 08916777
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + 21 7C95DC7B 14 Bytes [ CA, 83, E1, 03, F3, A4, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + 30 7C95DC8A 58 Bytes [ F3, 03, D9, 8B, 4D, B4, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + 6B 7C95DCC5 81 Bytes [ BC, 50, 89, 7D, BC, E8, 0E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + BD 7C95DD17 87 Bytes JMP 3E676824
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNumberOfSetBits + 4 7C95DF2C 83 Bytes [ 47, 0C, 79, 0A, 85, C0, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsClear + 1 7C95DF80 28 Bytes [ 7D, 08, 25, 10, 20, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsClear + 1E 7C95DF9D 27 Bytes [ 4E, 10, 89, 45, 0C, 81, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsClear + 3A 7C95DFB9 197 Bytes [ 0D, 83, E0, 04, 0D, 00, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindNextForwardRunClear + 7D 7C95E07F 138 Bytes CALL 8923DCEE
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindLastBackwardRunClear + E 7C95E10A 173 Bytes [ 4D, F4, 66, 81, C9, 00, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindLastBackwardRunClear + BC 7C95E1B8 47 Bytes JMP 708E6CBF
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMostSignificantBit + 1C 7C95E1E8 70 Bytes [ 75, F8, 6A, 00, FF, 75, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMostSignificantBit + 63 7C95E22F 89 Bytes [ 5D, C2, 04, 00, 90, 48, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindLeastSignificantBit + 12 7C95E289 9 Bytes CALL 7C96F157 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindLeastSignificantBit + 1D 7C95E294 180 Bytes [ 00, 33, F6, 89, 75, D4, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBitsAndClear + 29 7C95E349 19 Bytes [ EB, 93, FF, 45, DC, E9, 67, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + A 7C95E35D 130 Bytes [ 8B, 00, 89, 45, CC, 33, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + 8D 7C95E3E0 52 Bytes [ 55, 8B, EC, 53, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + C2 7C95E415 10 Bytes [ F8, 08, 89, 45, 08, 74, 3C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + CE 7C95E421 105 Bytes [ 00, 8B, 40, 30, 8B, 40, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + 138 7C95E48B 15 Bytes [ 64, 69, 66, 69, 65, 64, 20, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert + 17 7C95E578 57 Bytes [ 70, 04, 8D, 45, 08, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert + 51 7C95E5B2 43 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDebugPrintTimes + 1A 7C95E5DE 70 Bytes [ 00, 76, 07, B8, F0, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDebugPrintTimes + 61 7C95E625 47 Bytes [ 45, 0C, 50, 0F, B7, 06, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDebugPrintTimes + 91 7C95E655 77 Bytes [ 88, 1C, 01, 33, C0, 5E, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimerQueueEx + 2A 7C95E6A3 194 Bytes [ 3D, FF, FF, 00, 00, 76, 07, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimerQueueEx + ED 7C95E766 21 Bytes [ 66, 89, 18, 66, 89, 58, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimerQueueEx + 103 7C95E77C 112 Bytes [ 76, 07, B8, F0, 00, 00, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCancelTimer + 44 7C95E7ED 7 Bytes [ 74, 0D, FF, 76, 04, FF, 15 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + 3 7C95E7F5 6 Bytes [ 04, 91, 7C, 83, 66, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + A 7C95E7FC 55 Bytes [ 8B, C3, EB, 02, 33, C0, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + 42 7C95E834 15 Bytes [ 79, 04, 0F, B7, 09, 3B, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + 52 7C95E844 35 Bytes [ C1, 80, 7D, 10, 00, 8D, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + 77 7C95E869 116 Bytes [ 75, 08, 88, 45, 10, E8, 2F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + 7C 7C95E9E5 24 Bytes [ 00, 8B, 45, 10, 8B, 75, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + 95 7C95E9FE 1 Byte [ 09 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + 98 7C95EA01 33 Bytes [ 10, 8B, 5D, E4, 8B, 4D, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + BA 7C95EA23 28 Bytes [ 03, 83, FE, 02, 73, 05, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + D7 7C95EA40 98 Bytes [ 4D, F8, 33, C0, 21, 45, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackBackTrace + 3A 7C95EAA3 67 Bytes [ 00, 00, 8B, 45, EC, 0F, BE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackBackTrace + 7E 7C95EAE7 181 Bytes [ 3B, F8, C6, 45, 0F, 00, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + 31 7C95EB9D 16 Bytes [ 65, F4, 00, 8D, 4E, F9, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + 42 7C95EBAE 9 Bytes [ 89, 4D, DC, 8D, 04, C5, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + 4C 7C95EBB8 12 Bytes [ 8B, 4D, F4, 3B, 4D, DC, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + 59 7C95EBC5 95 Bytes [ 33, DB, 8A, 5D, 0F, F7, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + BB 7C95EC27 1 Byte [ 8A ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateRegistryKey + 66 7C95F01E 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateRegistryKey + 68 7C95F020 21 Bytes [ 8B, 43, 04, 49, C1, E9, 05, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateRegistryKey + 7E 7C95F036 3 Bytes [ 3B, D6, 57 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + 1 7C95F03A 22 Bytes [ F9, 74, 32, 8B, C1, 83, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + 18 7C95F051 8 Bytes [ 75, 1C, 2B, 4D, 0C, 83, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + 21 7C95F05A 67 Bytes [ F9, 83, C2, 04, EB, 0B, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + 65 7C95F09E 88 Bytes [ 4D, 08, 8B, 0C, 8D, C0, F5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + BE 7C95F0F7 87 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetTimeZoneInformation + 2E 7C95F18F 230 Bytes JMP 20EF8304
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetTimeZoneInformation + 116 7C95F277 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + 1 7C95F27B 29 Bytes [ EC, 8B, 45, 08, 33, D2, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + 1F 7C95F299 48 Bytes [ C8, 74, 12, 81, E1, FF, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + 50 7C95F2CA 76 Bytes [ 33, C9, 0B, CE, 8B, F2, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + 9D 7C95F317 33 Bytes [ 5D, C2, 08, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + BF 7C95F339 125 Bytes [ 74, 0C, FF, 75, 0C, 56, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserFlagsHeap + 43 7C95F420 11 Bytes CALL 7C90EE5C C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserFlagsHeap + 4F 7C95F42C 4 Bytes [ FF, FF, 68, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserFlagsHeap + 54 7C95F431 173 Bytes CALL 7C90EE4C C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserFlagsHeap + 102 7C95F4DF 130 Bytes [ 61, 6B, 20, 72, 65, 70, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + 35 7C95F562 22 Bytes [ FF, 55, 8B, EC, 6A, 00, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + 4C 7C95F579 51 Bytes [ 5D, C2, 10, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + 80 7C95F5AD 34 Bytes [ 40, 30, 56, 6A, 00, FF, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + A3 7C95F5D0 167 Bytes CALL 7C928FD8 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + 14B 7C95F678 2 Bytes [ 90, 8B ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + 31 7C95F6C2 15 Bytes [ F0, 09, 03, 64, A1, 18, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + 41 7C95F6D2 137 Bytes [ 45, 0C, 83, F8, FF, 75, 16, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + CB 7C95F75C 4 Bytes [ 00, 83, 7D, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + D0 7C95F761 18 Bytes [ 74, 10, FF, 75, 08, E8, E1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + E3 7C95F774 59 Bytes [ C6, 5E, 5B, 5F, C9, C2, 08, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + 8 7C95F8A1 3 Bytes [ 41, 00, FB ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + C 7C95F8A5 80 Bytes [ C2, 0C, 00, FF, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + 5D 7C95F8F6 2 Bytes [ D0, 3B ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + 60 7C95F8F9 47 Bytes [ E0, 73, 4B, 8B, 3B, 89, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + 90 7C95F929 22 Bytes [ 45, 08, 8B, 4D, E4, 89, 34, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumProcessHeaps + 3D 7C95F98E 28 Bytes [ 00, 89, 7B, 08, 89, 45, F0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumProcessHeaps + 5A 7C95F9AB 77 Bytes [ 94, 47, 00, 00, 84, C0, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + 20 7C95F9F9 25 Bytes [ 45, F0, 03, C3, EB, 0A, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + 3A 7C95FA13 28 Bytes [ 01, 00, 76, 32, 3B, 7D, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + 57 7C95FA30 114 Bytes [ 45, F4, 89, 70, FC, 89, 38, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + CA 7C95FAA3 27 Bytes CALL 7C95F7EE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + E6 7C95FABF 25 Bytes [ 8B, 45, 10, 74, 08, 83, 08, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryHeapInformation + 2 7C960265 24 Bytes CALL 7C90DFCE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryHeapInformation + 1B 7C96027E 54 Bytes [ EC, 83, EC, 2C, 53, 8B, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryHeapInformation + 52 7C9602B5 176 Bytes [ 66, 81, 7D, E4, 00, 10, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + 96 7C960366 3 Bytes [ B2, F3, 95 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + 9A 7C96036A 17 Bytes CALL 7C930B3F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + AC 7C96037C 9 Bytes [ 41, 50, 5B, 25, 77, 5A, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + B6 7C960386 35 Bytes [ 56, 69, 72, 74, 75, 61, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + DA 7C9603AA 100 Bytes [ 5B, 25, 77, 5A, 5D, 3A, 20, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateProcessHeaps + B 7C9604FE 18 Bytes [ 74, 0E, 8B, 45, DC, FF, B0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateProcessHeaps + 1E 7C960511 103 Bytes [ FF, FF, FF, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateProcessHeaps + 86 7C960579 7 Bytes [ 75, 10, 50, 56, E8, 19, EE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateProcessHeaps + 8E 7C960581 43 Bytes JMP 7C96063F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + D 7C9605AD 65 Bytes [ 4E, 3C, 3B, CB, 74, 37, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + 4F 7C9605EF 29 Bytes [ 66, 85, C1, 74, 4F, 33, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + 6D 7C96060D 39 Bytes [ 04, 40, 8D, 04, 86, 89, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + 95 7C960635 70 Bytes [ 18, 89, 58, 04, 89, 58, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + DC 7C96067C 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetCompressionWorkSpaceSize + 4F 7C960B48 45 Bytes [ 02, 0F, 85, F2, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompressBuffer + 11 7C960B76 61 Bytes [ 00, F6, 47, 05, 10, 74, B2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompressBuffer + 50 7C960BB5 47 Bytes JMP 7C960B32 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressBuffer + 4 7C960BE5 46 Bytes [ 48, 20, F6, 41, 05, 01, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressBuffer + 33 7C960C14 63 Bytes [ F5, 85, C0, 75, 09, C7, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + 7 7C960C54 5 Bytes [ 0F, 85, 78, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + D 7C960C5A 58 Bytes [ F6, 47, 05, 01, 0F, 84, E5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + 48 7C960C95 19 Bytes [ EB, 24, 80, 7F, 07, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + 5C 7C960CA9 2 Bytes [ B0, 97 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + 5F 7C960CAC 67 Bytes [ 33, C3, 0F, B7, 40, 10, EB, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeCrc32 + 37 7C960DE0 123 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeCrc32 + B3 7C960E5C 675 Bytes [ FF, 85, C0, 7D, 07, 33, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeCrc32 + 357 7C961100 220 Bytes [ 74, 02, 33, C0, 8B, BB, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeCrc32 + 434 7C9611DD 23 Bytes [ 45, 08, 50, 6A, 00, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + 10 7C9611F5 4 Bytes [ 3B, 8B, 4D, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + 15 7C9611FA 191 Bytes [ 4E, 08, 85, C9, 8B, 45, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + D5 7C9612BA 33 Bytes [ C3, 90, 90, 90, 90, 90, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + F7 7C9612DC 127 Bytes [ 8B, 7D, 08, 8B, DF, 89, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + 177 7C96135C 41 Bytes [ EB, DF, 46, EB, D1, C6, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment 7C9613BD 38 Bytes [ 90, 8B, 45, EC, 8B, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment + 27 7C9613E4 95 Bytes [ 45, C8, 89, 01, 64, A1, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment + 87 7C961444 31 Bytes [ 50, 8D, 45, DC, 50, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment + A7 7C961464 27 Bytes [ D4, 66, 89, 50, 04, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment + C3 7C961480 2 Bytes [ 62, E4 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExitUserThread + 25 7C9614C0 76 Bytes [ BE, 03, 96, 7C, D1, 03, 96, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + 48 7C96150D 2 Bytes [ 56, C6 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + 4B 7C961510 3 Bytes [ FF, 01, 89 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + 4F 7C961514 110 Bytes CALL 7C960898 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + BF 7C961584 61 Bytes [ 8D, 45, F4, 50, 8D, 45, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + FD 7C9615C2 222 Bytes [ 00, 02, 69, 74, 17, F7, C1, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 1 7C9619B2 115 Bytes [ 43, 0A, 66, 89, 47, 0E, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 75 7C961A26 19 Bytes [ FF, FF, 89, 45, D8, EB, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 89 7C961A3A 2 Bytes [ 4D, D4 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 8C 7C961A3D 37 Bytes [ 01, 8B, 00, 89, 45, D8, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + B2 7C961A63 43 Bytes [ 3F, 89, 7D, C4, 83, 27, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToElapsedTimeFields + 48 7C961BF3 59 Bytes [ 83, F8, 01, 74, 26, A8, F0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSecondsSince1980ToTime + 1D 7C961C2F 25 Bytes [ 00, 76, EB, 96, 7C, DB, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSecondsSince1970ToTime 7C961C49 12 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSecondsSince1970ToTime + E 7C961C57 42 Bytes [ 25, FF, 00, 00, 00, 74, 32, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLocalTimeToSystemTime + 2 7C961C82 88 Bytes [ 75, 10, FF, 75, 0C, FF, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubtreeSuccessor + 1F 7C961CDB 209 Bytes [ B8, 5F, 02, 00, C0, C2, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetElementGenericTable + 11 7C961DAD 335 Bytes [ EC, 8B, 45, 08, 33, C9, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTable + D8 7C961EFD 285 Bytes CALL F49DE8A4
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTable + 1F6 7C96201B 551 Bytes [ 0A, B1, 9E, 07, 7D, 44, 93, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetElementGenericTableAvl + B4 7C962243 4 Bytes [ 8D, 85, B4, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetElementGenericTableAvl + B9 7C962248 75 Bytes CALL 7C902293 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNumberGenericTableElementsAvl + 30 7C962294 71 Bytes [ FF, C7, 85, C8, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTableAvl + B 7C9622DC 8 Bytes [ FF, 50, 6A, 01, 8D, 85, F7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTableAvl + 16 7C9622E7 42 Bytes [ 8D, 85, D4, FD, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + E 7C962312 31 Bytes CALL 7C91A738 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + 2E 7C962332 3 Bytes CALL 05962334
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + 32 7C962336 44 Bytes [ FF, 88, 9D, E4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + 5F 7C962363 6 Bytes [ F0, FF, B5, E8, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + 66 7C96236A 4 Bytes CALL 7C90DFD0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTableAvl 7C96245D 94 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 2 7C9624BC 29 Bytes [ 5D, C2, 04, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 20 7C9624DA 27 Bytes CALL 7C90E7EF C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 3C 7C9624F6 23 Bytes [ 00, 50, FF, 75, 08, E8, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 54 7C96250E 249 Bytes [ 8D, 45, FC, 50, 8D, 45, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 14E 7C962608 59 Bytes [ F8, 85, FF, 7C, 2A, 8D, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 2 7C9627A9 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 4 7C9627AB 37 Bytes [ 45, C0, 89, 45, C4, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 2A 7C9627D1 3 Bytes [ 00, 8B, 4D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 2E 7C9627D5 98 Bytes [ 8B, 75, C8, FF, 75, C8, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 91 7C962838 16 Bytes [ 8C, 96, FE, FF, FF, 8D, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 17 7C96293F 3 Bytes [ 75, B8, C7 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 1B 7C962943 5 Bytes [ C0, 40, 02, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 21 7C962949 2 Bytes [ 5D, BC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 24 7C96294C 102 Bytes [ 75, C4, 89, 75, C8, E8, 2A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 8B 7C9629B3 30 Bytes [ 55, 8B, EC, 83, EC, 38, 53, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoteCall + 68 7C962DB0 4 Bytes [ 8B, 7D, 0C, 83 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoteCall + 6E 7C962DB6 2 Bytes [ 8D, 5F ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoteCall + 71 7C962DB9 198 Bytes [ 74, 5C, 3B, DA, 77, 58, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoteCall + 138 7C962E80 66 Bytes [ 55, 8B, EC, 8B, 4D, 08, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedFlushSList + 1B 7C962ED0 13 Bytes [ 51, 53, 56, 57, 8B, 7D, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedFlushSList + 29 7C962EDE 11 Bytes [ 05, 8B, 77, 08, EB, 03, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedFlushSList + 35 7C962EEA 126 Bytes [ 3A, CB, 75, 12, 56, E8, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedFlushSList + B4 7C962F69 72 Bytes [ FF, 55, 8B, EC, 8B, 4D, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + 1B 7C962FB2 73 Bytes [ 05, 89, 48, 04, EB, 05, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + 65 7C962FFC 60 Bytes [ 85, C0, 75, 20, 8B, 3F, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + A2 7C963039 29 Bytes [ 89, 58, 04, EB, 03, 89, 58, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + C0 7C963057 25 Bytes [ C2, 08, 00, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + DA 7C963071 108 Bytes [ C1, 8B, 48, 08, 85, C9, 74, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 15 7C96317E 43 Bytes [ 33, C0, 39, 41, 18, 0F, 94, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 42 7C9631AB 1 Byte [ A7 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 46 7C9631AF 27 Bytes [ 8D, 53, 01, 3B, D7, 0F, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 62 7C9631CB 161 Bytes [ F7, 21, 4E, 14, 89, 46, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 104 7C96326D 137 Bytes [ 40, 18, 5D, C2, 04, 00, 90, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExA + 84 7C963419 13 Bytes [ 57, FF, 55, 0C, 8B, D8, 81, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExA + 92 7C963427 25 Bytes CALL 7C91F32A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExA + AC 7C963441 56 Bytes [ 4D, 1C, 89, 30, 8B, 47, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringA 7C96347B 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringA + 4 7C96347F 211 Bytes [ FF, 55, 8B, EC, 6A, 00, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringExA + 8A 7C963553 116 Bytes [ EC, 51, 80, 3D, A8, B0, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 59 7C9635C8 21 Bytes [ 8B, 55, FC, 0F, B7, C2, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 6F 7C9635DE 10 Bytes [ 66, 8B, 04, 46, 8B, 15, BC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 7B 7C9635EA 168 Bytes [ CC, 66, 8B, 0C, 4A, 66, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 124 7C963693 161 Bytes [ 06, 8B, 4B, 04, 33, FF, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 1C6 7C963735 17 Bytes [ FE, 02, 75, 08, 8B, 42, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + 2D 7C963804 106 Bytes [ 66, 8B, 0E, 66, 83, F9, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + 98 7C96386F 7 Bytes [ 07, 0F, 83, 9C, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + A0 7C963877 57 Bytes [ 50, FF, 3B, DA, 0F, 84, 91, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + DA 7C9638B1 13 Bytes [ 04, C6, 45, ED, 01, 80, F9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + E8 7C9638BF 67 Bytes [ 75, 51, 85, DB, 74, 4D, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + 39 7C963904 15 Bytes [ 28, FF, FF, FF, 8A, 45, ED, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + 49 7C963914 98 Bytes [ 5B, 8B, 4D, FC, 5F, 5E, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + AC 7C963977 24 Bytes [ 65, D8, 00, 66, 85, F6, 76, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + C5 7C963990 17 Bytes [ FF, 75, 0C, FF, 75, D0, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + D7 7C9639A2 1 Byte [ 45 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + 2B 7C963C15 114 Bytes [ D0, 8A, 4B, 03, 84, C9, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + 9E 7C963C88 3 Bytes [ 10, 74, 1B ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + A2 7C963C8C 79 Bytes [ 78, 04, 0F, B7, D2, D1, EA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + F2 7C963CDC 85 Bytes [ 74, 05, 6A, 02, 59, EB, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + 148 7C963D32 7 Bytes [ FA, FF, 8B, C8, 64, A1, 18 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 2D 7C963E54 2 Bytes [ 50, 53 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 30 7C963E57 23 Bytes [ B5, 24, FD, FF, FF, E8, 2F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 48 7C963E6F 33 Bytes CALL 0A963E71
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 6A 7C963E91 30 Bytes [ 75, 0C, 57, FF, B5, 2C, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 89 7C963EB0 81 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + 8A 7C96404A 83 Bytes [ 00, 53, 8D, 45, FC, 50, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + DE 7C96409E 27 Bytes [ 50, 6A, FF, 89, 5D, FC, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + FA 7C9640BA 49 Bytes [ 5E, 54, 80, 7E, 44, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + 12C 7C9640EC 73 Bytes [ 83, C4, 0C, FF, 46, 60, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + 176 7C964136 29 Bytes [ EB, 02, 33, C0, 5D, C2, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + F 7C9642CD 107 Bytes [ FA, 74, 14, 3B, 7D, 08, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + 7B 7C964339 141 Bytes [ 90, 00, 00, 00, 00, 66, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + 109 7C9643C7 169 Bytes [ 00, 00, 66, 83, 7D, 10, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + 1B3 7C964471 120 Bytes [ CC, CC, CC, CC, CC, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + 22C 7C9644EA 192 Bytes [ 74, 61, 85, DB, 74, 5D, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 8A 7C9645AB 7 Bytes [ 66, 39, 56, 0C, 0F, 84, 8A ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 92 7C9645B3 240 Bytes [ 00, 00, 66, 8B, 4E, 08, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 183 7C9646A4 61 Bytes [ 7D, 0C, 33, DB, 39, 55, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 1C1 7C9646E2 3 Bytes [ D5, 4D, FB ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 1C5 7C9646E6 68 Bytes [ 59, 59, 8D, 3C, 47, 66, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseStatus + 20 7C964788 9 Bytes [ 2E, 00, 25, 00, 75, 00, 2E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseStatus + 2A 7C964792 86 Bytes [ 75, 00, 2E, 00, 25, 00, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandom + 52 7C9647E9 261 Bytes [ 5D, 18, 56, 8B, 75, 08, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandom + 158 7C9648EF 33 Bytes [ 55, E4, 89, 55, F0, 75, 07, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandom + 17A 7C964911 91 Bytes JMP 7C964A87 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandom + 1D6 7C96496D 179 Bytes [ 7D, EC, 00, 0F, 87, 8E, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseEnumerate + 5F 7C964A21 35 Bytes [ 4D, F4, EB, 6B, 0F, BE, DB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseEnumerate + 83 7C964A45 27 Bytes CALL 068A8FD3
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 17 7C964A61 5 Bytes [ 00, 53, E8, 12, BA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 1E 7C964A68 17 Bytes [ 85, C0, 59, 0F, 84, 93, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 31 7C964A7B 13 Bytes [ 33, C0, 40, C6, 45, 0B, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 3F 7C964A89 29 Bytes [ 45, F8, 39, 45, F4, 74, 69, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 5E 7C964AA8 9 Bytes [ 6A, 10, 50, FF, 75, E8, E8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseDestroy + 3B 7C964B77 118 Bytes [ 00, 00, 00, 77, 5D, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseValidate + 15 7C964BEE 73 Bytes [ EC, 83, EC, 10, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + 15 7C964C38 23 Bytes [ 7D, 46, 8A, 1E, 0F, BE, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + 2D 7C964C50 8 Bytes [ 85, C0, 59, 75, 5D, B8, 0D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + 36 7C964C59 97 Bytes [ C0, 5F, 5E, 5B, C9, C2, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + 98 7C964CBB 22 Bytes [ 33, 01, 00, 00, 80, 7D, 0B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + B0 7C964CD3 15 Bytes [ 46, 80, 3E, 30, C7, 45, F8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + 12 7C964E29 219 Bytes [ 55, 8B, EC, 53, 56, 33, F6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + EE 7C964F05 75 Bytes [ 83, 7D, 0C, 10, 0F, 85, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + 13B 7C964F52 13 Bytes [ 00, 00, 77, 40, C1, 65, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + 149 7C964F60 11 Bytes [ 85, C0, 59, 74, 0F, 56, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + 155 7C964F6C 34 Bytes [ C0, 59, 74, 04, 6A, 61, EB, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + C 7C965035 5 Bytes [ 45, F4, 83, 7D, F8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + 12 7C96503B 117 Bytes [ 0F, 87, 9C, 01, 00, 00, C6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + 88 7C9650B1 21 Bytes [ 00, 83, 7D, FC, 06, 0F, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + 9E 7C9650C7 162 Bytes [ 00, 00, 66, 83, FE, 3A, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + 141 7C96516A 4 Bytes [ 62, 33, D2, 39 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter + 49 7C9659F8 66 Bytes [ 40, 04, 8B, 48, 04, 3B, 4E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter + 8C 7C965A3B 46 Bytes [ FF, FF, 5E, 8A, C3, 5B, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter + BB 7C965A6A 98 Bytes CALL 7C9658D9 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + 1 7C965ACD 125 Bytes [ 45, 08, 89, 46, 34, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + 7F 7C965B4B 37 Bytes CALL 7C965963 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + A5 7C965B71 37 Bytes CALL 7C965915 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + CB 7C965B97 105 Bytes [ 5E, 0F, 94, C0, 5B, C9, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + 135 7C965C01 67 Bytes [ 01, EB, 03, 8B, 40, 18, 85, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isxdigit + 1B 7C96F495 122 Bytes [ 00, 00, 00, 75, E4, 96, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ispunct + 2B 7C96F510 21 Bytes [ 0D, 00, 00, C0, EB, 3B, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isalnum + E 7C96F526 4 Bytes [ FF, B6, 78, 05 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isalnum + 13 7C96F52B 10 Bytes CALL 7C901FFF C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isalnum + 1E 7C96F536 43 Bytes CALL 7C96D684 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isprint + 12 7C96F562 63 Bytes [ 89, 45, DC, 33, C0, 40, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isgraph + 1B 7C96F5A3 20 Bytes CALL 7C9020E0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isgraph + 30 7C96F5B8 66 Bytes [ 94, E5, 96, 7C, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__toascii + 8 7C96F5FB 81 Bytes CALL 7C9141C5 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__iscsym + 2 7C96F64D 3 Bytes [ 89, 46, 34 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__iscsym + 6 7C96F651 148 Bytes [ 4D, FC, FF, 8A, 45, E7, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_atoi64 + 55 7C96F6E6 68 Bytes [ 84, 13, 01, 00, 00, 8B, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_atoi64 + 9A 7C96F72B 92 Bytes JMP 7C787840
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_ultoa + E 7C96F788 54 Bytes [ 00, 00, 00, 74, 0C, 0F, BE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_ultoa + 45 7C96F7BF 8 Bytes CALL 068F3D51
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_ultoa + 4E 7C96F7C8 203 Bytes CALL 146D1886
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_ultow + 1 7C96F894 262 Bytes [ C7, 0B, C1, 89, 45, EC, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_lfind + 12 7C96F99B 130 Bytes [ 53, 04, 8D, 0C, C7, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snprintf + 4C 7C96FA1E 60 Bytes [ 00, C6, 46, 08, 08, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 2B 7C96FA5B 30 Bytes [ 5F, 08, 53, FF, 75, FC, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 4A 7C96FA7A 57 Bytes [ 18, 89, 06, 83, C0, F8, F6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 84 7C96FAB4 171 Bytes [ 8B, 4C, C8, FC, 88, 4E, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 130 7C96FB60 3 Bytes [ C7, 00, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 134 7C96FB64 15 Bytes [ 00, 00, EB, E0, B8, BB, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strlwr + 6 7C96FB7E 44 Bytes [ 4D, 0C, 8B, 45, 10, 53, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strupr + 6 7C96FBAB 5 Bytes [ 08, 66, 89, 4D, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strupr + C 7C96FBB1 21 Bytes [ 4D, 10, 81, E1, FF, 0F, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strupr + 22 7C96FBC7 29 Bytes [ 74, 25, 8D, 45, 0C, 50, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!tolower + 1 7C96FBE5 61 Bytes JMP 7C96FCB9 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_toupper + 4 7C96FC23 7 Bytes [ C8, 83, E1, 03, F3, A4, 03 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_toupper + C 7C96FC2B 9 Bytes [ 0C, 8B, 55, F8, 3B, 5D, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnwprintf + 4 7C96FC35 38 Bytes [ 45, 14, 83, C0, FE, 3B, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnwprintf + 2B 7C96FC5C 49 Bytes [ 74, 47, B9, 00, 10, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnwprintf + 5D 7C96FC8E 36 Bytes [ 00, 83, C0, 03, 03, C2, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wcsupr + C 7C96FCB3 156 Bytes [ C0, EB, 07, 2B, 5D, 08, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtoi64 + 63 7C96FD50 58 Bytes [ 3B, F3, 89, 5D, F4, 73, BA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!abs + 1 7C96FD8B 30 Bytes [ 4D, 0C, F6, 45, 11, 80, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!fabs + B 7C96FDAA 14 Bytes [ 75, EC, FF, 75, 14, E8, 4F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!fabs + 1A 7C96FDB9 114 Bytes JMP 7C96FE83 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!fabs + 8D 7C96FE2C 1 Byte [ 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!fabs + 8F 7C96FE2E 82 Bytes [ 14, 29, 45, 0C, 74, 70, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswlower + F 7C96FE81 55 Bytes [ FF, 8B, 55, F4, 8B, 4D, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + A 7C96FEC7 34 Bytes [ 10, 83, 65, F8, 00, 53, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + 2D 7C96FEEA 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + 2F 7C96FEEC 58 Bytes [ 8A, FF, 0F, 00, 00, 3B, CE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + 6A 7C96FF27 110 Bytes [ 00, 8D, 46, 01, C7, 45, E4, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + DA 7C96FF97 116 Bytes [ 00, 8B, 4D, 20, 3B, 4D, F0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strtol + 2 7C9700B4 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strtol + 4 7C9700B6 153 Bytes [ 55, 14, 3B, 5D, 10, 73, 4C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vsprintf + 4C 7C970150 94 Bytes [ 00, 5F, 5E, 5B, C9, C2, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsspn + 4 7C9701AF 205 Bytes [ 55, 0C, 56, 8B, 75, 08, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + 84 7C97027D 5 Bytes [ 5D, 08, 40, 3B, 5A ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + 8A 7C970283 108 Bytes CALL B59F4813
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + F7 7C9702F0 35 Bytes [ 45, 0C, 46, 39, 5D, 0C, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + 11B 7C970314 132 Bytes [ 03, 5F, 73, 02, 33, C0, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + 1A0 7C970399 1 Byte [ 10 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[784] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[796] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[796] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99CF5 77F61820 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99CFD 77F61828 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99D01 77F6182C 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99D05 77F61830 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99D09 77F61834 2 Bytes [ 00, 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathBuildRootW + 95 77F640D3 218 Bytes [ 50, 61, 74, 68, 47, 65, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathBuildRootW + 170 77F641AE 130 Bytes [ 50, 61, 74, 68, 49, 73, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathBuildRootW + 1F3 77F64231 390 Bytes [ 69, 76, 65, 41, 00, 50, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + 99 77F643B8 53 Bytes [ 50, 61, 74, 68, 51, 75, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + CF 77F643EE 19 Bytes [ 50, 61, 74, 68, 52, 65, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + E3 77F64402 15 Bytes [ 50, 61, 74, 68, 52, 65, 6D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + F3 77F64412 175 Bytes [ 50, 61, 74, 68, 52, 65, 6D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + 1A3 77F644C2 63 Bytes [ 50, 61, 74, 68, 52, 65, 6E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + 55 77F645DC 82 Bytes [ 50, 61, 74, 68, 55, 6E, 64, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + A8 77F6462F 135 Bytes [ 50, 61, 74, 68, 55, 6E, 71, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + 130 77F646B7 9 Bytes [ 53, 48, 43, 72, 65, 61, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + 13A 77F646C1 115 Bytes [ 72, 65, 61, 6D, 4F, 6E, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + 1AE 77F64735 50 Bytes [ 53, 48, 44, 65, 6C, 65, 74, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + 6D 77F64B1C 61 Bytes [ 61, 6C, 69, 64, 61, 74, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + AB 77F64B5A 46 Bytes [ 53, 48, 53, 65, 74, 56, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + DA 77F64B89 23 Bytes [ 53, 48, 55, 6E, 6C, 6F, 63, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + F2 77F64BA1 40 Bytes [ 53, 74, 72, 43, 53, 70, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + 11B 77F64BCA 11 Bytes [ 53, 74, 72, 43, 61, 74, 42, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrW + 93 77F66750 159 Bytes [ 09, 04, F9, EC, 8C, F3, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeW + 1E 77F667F0 13 Bytes [ 6F, 00, 6C, 00, 64, 00, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeW + 2C 77F667FE 175 Bytes [ 66, 00, 6F, 00, 54, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionW + 55 77F668AE 7 Bytes [ 76, 00, 69, 00, 6F, 00, 72 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionW + 5D 77F668B6 23 Bytes [ 00, 00, 4C, 00, 6F, 00, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionW + 75 77F668CE 31 Bytes [ 54, 00, 79, 00, 70, 00, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionW + 95 77F668EE 13 Bytes [ 6C, 00, 65, 00, 54, 00, 79, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionW + 9 77F668FC 13 Bytes [ 00, 00, 90, 90, 48, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionW + 17 77F6690A 5 Bytes [ 69, 00, 73, 00, 6B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionW + 1D 77F66910 3 Bytes [ 46, 00, 69 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionW + 21 77F66914 67 Bytes [ 6C, 00, 65, 00, 54, 00, 79, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 3F 77F66958 3 Bytes [ 48, 00, 69 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 43 77F6695C 29 Bytes [ 64, 00, 65, 00, 5A, 00, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 61 77F6697A 31 Bytes [ 70, 00, 65, 00, 72, 00, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 81 77F6699A 5 Bytes [ 74, 00, 65, 00, 64 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 87 77F669A0 5 Bytes [ 48, 00, 61, 00, 6E ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffW + 7D 77F66BCD 14 Bytes [ 8D, CD, 00, 00, 85, C0, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberW + 27 77F66C01 19 Bytes [ 85, C0, 8D, 85, F4, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberW + 3B 77F66C15 62 Bytes [ 8B, F0, F7, DE, 1B, F6, 81, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberW + 7A 77F66C54 186 Bytes [ 85, F0, FD, FF, FF, 74, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHStrDupW + AC 77F66D0F 2 Bytes [ 68, 80 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHStrDupW + AF 77F66D12 32 Bytes [ F6, 77, 57, FF, D6, 8B, D8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufW + 4 77F66D33 75 Bytes [ 4D, F8, 89, 0D, C0, D6, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufW + 50 77F66D7F 81 Bytes [ 90, 43, 68, 61, 6E, 67, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufW + A2 77F66DD1 179 Bytes [ 65, 75, 65, 00, 8B, 35, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCW + 17 77F66E86 6 Bytes [ 8B, 4D, FC, 5F, 5E, E8 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddBackslashW 77F66E8D 1 Byte [ E1 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddBackslashW + 2 77F66E8F 148 Bytes [ FF, C9, C2, 04, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddBackslashW + 97 77F66F24 55 Bytes [ 89, 45, EC, 29, 5D, EC, EB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExW + 2E 77F66F5C 158 Bytes [ FF, FF, 85, C0, 8B, 45, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpICA + B 77F66FFB 56 Bytes CALL ED81C77E
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpICA + 44 77F67034 39 Bytes [ 45, D8, 83, 78, 14, 00, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpICA + 6C 77F6705C 32 Bytes [ 15, 6C, 10, F6, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 6 77F6707D 2 Bytes [ 7D, D0 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 9 77F67080 18 Bytes [ FF, 74, 2D, 33, F6, 39, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 1C 77F67093 35 Bytes [ 0F, 85, DB, 0F, 85, 9B, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 40 77F670B7 90 Bytes [ 27, 89, 02, 00, 39, 75, F0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 9B 77F67112 104 Bytes [ 00, 00, 84, C0, 0F, 88, 38, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + 55 77F6717B 12 Bytes [ 0F, 84, D3, 03, 00, 00, A8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + 62 77F67188 32 Bytes [ 66, F7, 05, 78, D7, FC, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + 84 77F671AA 61 Bytes [ 80, EB, 36, 38, 1D, 7A, D7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + CF 77F671F5 24 Bytes [ 0F, 85, 59, 03, 00, 00, 3B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + E8 77F6720E 33 Bytes [ F9, 02, 0F, 85, 3E, 03, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRootW + B 77F67471 33 Bytes [ 77, 02, 62, F6, 77, 1D, 62, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRootW + 2D 77F67493 7 Bytes [ 63, F6, 77, 72, 63, F6, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRootW + 35 77F6749B 7 Bytes [ 63, F6, 77, A3, 63, F6, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRootW + 3D 77F674A3 39 Bytes [ 63, F6, 77, DD, 63, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBackslashW + C 77F674CB 393 Bytes [ 64, F6, 77, 54, 65, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + 48 77F67655 15 Bytes [ FF, 55, 8B, EC, 33, C0, 39, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + 58 77F67665 112 Bytes [ 55, 08, 56, 8B, 75, 10, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + C9 77F676D6 113 Bytes [ 74, 0A, 66, 3B, 4D, 0C, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + 13B 77F67748 8 Bytes [ 83, 6D, 08, 02, EB, EB, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + 146 77F67753 63 Bytes [ 8B, FF, 55, 8B, EC, FF, 75, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + 4 77F67885 6 Bytes [ 01, 66, 85, C0, 75, E4 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + B 77F6788C 41 Bytes [ D2, 8B, C2, 75, 02, 8B, C1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + 35 77F678B6 127 Bytes [ A1, 80, D2, FC, 77, 89, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + B5 77F67936 76 Bytes [ ED, 0F, B7, 01, 0F, B7, 0A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + 102 77F67983 64 Bytes [ 14, 74, 3E, 57, 66, 89, 06, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 17 77F679E0 16 Bytes [ 18, 33, FF, FF, 75, 14, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 28 77F679F1 11 Bytes [ D6, 3B, C7, 89, 45, FC, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 34 77F679FD 23 Bytes [ 8B, 45, FC, 5F, 5E, C9, C2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 4D 77F67A16 6 Bytes [ 83, 3D, 84, D2, FC, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 54 77F67A1D 50 Bytes [ A1, 80, D2, FC, 77, 56, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAppendW + F8 77F67BC5 123 Bytes [ F0, 8B, 4D, FC, 8B, C6, 5E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveFileSpecW + 42 77F67C98 32 Bytes [ F3, A5, 8B, C8, 83, E1, 03, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveFileSpecW + A1 77F67CF7 6 Bytes [ 8B, FF, 55, 8B, EC, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveFileSpecW + A8 77F67CFE 147 Bytes [ 10, 33, C9, 33, C0, 39, 4A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFileExistsW + 9 77F67D92 1 Byte [ 75 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFileExistsW + B 77F67D94 14 Bytes [ 0F, 85, A3, 95, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFileExistsW + 1B 77F67DA4 5 Bytes [ 0C, E8, E8, FD, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFileExistsW + 21 77F67DAA 43 Bytes [ 8B, F0, 3B, F7, 0F, 87, EB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ChrCmpIW 77F67E0A 9 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ChrCmpIW + A 77F67E14 53 Bytes [ 00, 57, 74, 45, 8B, 7D, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrIW + A 77F67E4A 10 Bytes [ C0, 74, 07, 53, 83, C6, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrIW + 15 77F67E55 67 Bytes [ C6, 5E, 5B, 5F, 5D, C2, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + 1D 77F67E99 101 Bytes [ C0, 85, FF, 74, 36, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + 83 77F67EFF 10 Bytes [ 17, 66, 8B, 0E, 66, 85, C9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + 8E 77F67F0A 13 Bytes [ 0A, 42, 42, 46, 46, 4F, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + 9C 77F67F18 11 Bytes [ FF, 5E, 0F, 84, 81, AE, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + A8 77F67F24 4 Bytes [ 5F, 5D, C2, 10 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 62 77F68064 29 Bytes [ FF, 7F, 0F, 87, 78, 6B, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 80 77F68082 19 Bytes [ C2, 74, 26, 66, 8B, 0A, 66, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 94 77F68096 104 Bytes [ F9, 3A, 74, 15, 66, 83, F9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 177 77F68179 69 Bytes [ FC, 01, 00, 00, 00, EB, 52, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 1BD 77F681BF 19 Bytes [ FF, 0F, C1, E7, 04, 03, FA, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + 24 77F682A0 22 Bytes [ EB, FE, FF, FF, 85, C0, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + 3B 77F682B7 55 Bytes [ 5F, 66, 89, 46, 06, 57, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + 73 77F682EF 21 Bytes [ 00, 8A, 45, 0C, 53, 88, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + 89 77F68305 85 Bytes [ 85, C0, 0F, 84, D8, A4, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + DF 77F6835B 90 Bytes [ FF, 85, C0, 0F, 84, 81, A4, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootW + E 77F68403 93 Bytes [ 20, 40, 40, 66, 39, 08, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootW + 6C 77F68461 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootW + 73 77F68468 58 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + E 77F684A3 20 Bytes [ 0F, 85, E5, A4, 01, 00, 33, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + 23 77F684B8 87 Bytes [ 00, 00, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + 7B 77F68510 27 Bytes [ 8B, 08, 66, 85, C9, 74, 0A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + 97 77F6852C 179 Bytes [ 55, 8B, EC, 8B, 4D, 08, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + 14B 77F685E0 48 Bytes [ 00, 7D, 1E, 8B, 75, 08, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + 6 77F68B4F 66 Bytes CALL AA7A9A74
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + 4B 77F68B94 19 Bytes [ 6A, 02, 5A, 2B, C2, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + 5F 77F68BA8 16 Bytes [ 2B, C2, 0F, 84, AE, 85, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + 71 77F68BBA 121 Bytes [ 83, E0, 04, EB, A3, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + EC 77F68C35 2 Bytes [ EB, 07 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyW + 56 77F68CE0 92 Bytes [ 55, 10, 3B, D0, 74, 04, 2B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + 4B 77F68D3D 134 Bytes [ FF, FF, 7F, 0F, 87, 01, 79, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + D2 77F68DC4 54 Bytes [ FF, 55, 8B, EC, 83, 7D, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + 109 77F68DFB 3 Bytes [ 25, 80, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + 14F 77F68E41 2 Bytes [ FF, 55 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + 152 77F68E44 12 Bytes [ EC, 56, 8B, 75, 08, 85, F6, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueW + 4D 77F68EC2 58 Bytes [ EB, E0, 8B, C6, 5E, 5B, 5F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueW + 8A 77F68EFF 36 Bytes [ 4D, 6A, 01, FF, 15, D8, 11, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueW + CD 77F68F42 14 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueW + F4 77F68F69 128 Bytes [ 4D, 08, 85, C9, 74, 0F, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 56 77F68FEA 13 Bytes [ 15, 44, 12, F6, 77, 8B, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 64 77F68FF8 27 Bytes [ FF, C9, C2, 1C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 80 77F69014 16 Bytes [ 4D, 0C, 8B, 4D, 0C, 56, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 91 77F69025 13 Bytes [ 7D, 08, 89, 75, D8, 89, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 9F 77F69033 72 Bytes [ 00, 89, 45, E0, 0F, 88, 1D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + 6 77F691F7 6 Bytes [ 7D, D4, 00, 0F, 85, 7F ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + D 77F691FE 34 Bytes [ 02, 00, 85, C0, 0F, 8C, 5E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + 30 77F69221 77 Bytes [ 39, 75, D4, 0F, 85, E8, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + 7E 77F6926F 47 Bytes [ 55, 0C, 89, 0A, 5D, C2, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + AE 77F6929F 2 Bytes CALL C37AA1AB
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + 56 77F6943C 9 Bytes [ 68, 14, 77, F6, 77, 56, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + 60 77F69446 6 Bytes [ 85, FF, 0F, 8C, EB, F7 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + 67 77F6944D 25 Bytes JMP 77F93B83 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + 81 77F69467 41 Bytes [ FF, 75, 0C, 8B, 08, 50, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + AB 77F69491 198 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + 9 77F69768 47 Bytes [ 77, 73, 70, 49, 74, 69, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + 3A 77F69799 71 Bytes [ 97, 06, D1, 2E, 93, CF, 11, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + 82 77F697E1 45 Bytes [ EE, 44, 45, 53, 54, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + B0 77F6980F 97 Bytes [ 55, 8B, EC, 83, EC, 14, A1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + 112 77F69871 34 Bytes [ 0B, D8, 8B, 4D, FC, 5F, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + 2 77F69E6B 12 Bytes [ 5E, 5D, C2, 1C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + F 77F69E78 3 Bytes [ 8B, EC, 51 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + 14 77F69E7D 15 Bytes [ 8B, 7D, 18, 33, C0, 3B, F8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + 24 77F69E8D 92 Bytes [ 4D, 18, 8B, 4D, 10, 3B, C8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + 81 77F69EEA 79 Bytes [ FF, 85, C0, 74, 37, 83, 7D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 26 77F6A565 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 2B 77F6A56A 13 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 3A 77F6A579 9 Bytes [ 70, 08, 57, 8B, 38, 50, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 44 77F6A583 23 Bytes [ FF, 59, 53, FF, D7, 85, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 60 77F6A59F 9 Bytes [ 8B, FF, 55, 8B, EC, F7, 45, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + 5D 77F6A60B 67 Bytes [ 45, 0C, 89, 46, 04, 8B, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + A2 77F6A650 1 Byte [ 8C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + A6 77F6A654 7 Bytes [ 5F, 33, C0, 40, 85, DB, 0F ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + AE 77F6A65C 18 Bytes [ 0A, C0, 02, 00, 5B, 5D, C2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + C1 77F6A66F 194 Bytes [ FF, BE, 30, D4, FC, 77, 39, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntW + 20 77F6AF94 73 Bytes [ 00, 68, 98, 00, 00, 00, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesW + 1F 77F6AFDE 5 Bytes [ 5B, 5D, C2, 0C, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesW + 25 77F6AFE4 33 Bytes [ DD, D0, 16, 90, 41, 7C, CC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrW + 19 77F6B077 55 Bytes [ 83, C1, 0C, 39, 75, 10, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathParseIconLocationW + 12 77F6B0AF 107 Bytes CALL 7860C128
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathParseIconLocationW + 7E 77F6B11B 25 Bytes [ CB, 07, F4, C4, 5B, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 15 77F6B135 56 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 4F 77F6B16F 6 Bytes [ 0C, 51, 50, E8, 25, C5 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 56 77F6B176 6 Bytes [ FF, 8D, 4E, F0, 8B, 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 5D 77F6B17D 22 Bytes [ 50, 20, 5E, 5D, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 77 77F6B197 105 Bytes [ 90, 83, 6C, 24, 04, 10, E9, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHUnlockShared 77F6B53E 45 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHFreeShared + 13 77F6B56C 17 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHFreeShared + 7A 77F6B5D3 40 Bytes [ F0, 85, F6, 7C, 3D, 8B, 55, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + C 77F6B5FD 25 Bytes [ 14, 8B, 08, FF, 75, 0C, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + 26 77F6B617 17 Bytes [ C6, 5E, C9, C2, 14, 00, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + 38 77F6B629 174 Bytes [ 57, 8B, 7D, 08, 33, C0, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + E7 77F6B6D8 101 Bytes [ 00, 00, 8B, F8, 85, FF, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + 14E 77F6B73F 14 Bytes [ 8B, 4D, 1C, 89, 01, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + 15 77F6B8AE 114 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + 88 77F6B921 9 Bytes [ FF, 00, 01, 00, 00, E8, 5C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + 92 77F6B92B 17 Bytes [ 83, 26, 00, 85, C0, 0F, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + A5 77F6B93E 3 Bytes [ 85, A8, AA ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + AA 77F6B943 43 Bytes [ 85, DB, 75, 0D, 66, 39, 85, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + 9 77F6BB9A 47 Bytes [ C4, 10, 85, C0, 7C, 13, 3B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + 39 77F6BBCA 63 Bytes [ 68, 2C, 01, 00, 00, 50, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + 79 77F6BC0A 47 Bytes [ 00, 00, B8, 18, AC, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + A9 77F6BC3A 11 Bytes [ 74, 00, 5C, 00, 57, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + B5 77F6BC46 11 Bytes [ 6F, 00, 77, 00, 73, 00, 5C, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + A 77F6BCB6 116 Bytes [ 73, 00, 65, 00, 73, 00, 5C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + 7F 77F6BD2B 5 Bytes [ A1, 80, D2, FC, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + 85 77F6BD31 35 Bytes [ 4D, 1C, 53, 8B, 5D, 14, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + A9 77F6BD55 95 Bytes [ FE, FF, FF, C7, 85, F8, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + 109 77F6BDB5 25 Bytes [ 85, F8, FE, FF, FF, 5F, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + A 77F6BEB8 25 Bytes [ 4E, 00, 61, 00, 6D, 00, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + 24 77F6BED2 41 Bytes [ 75, 14, 8B, 7D, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + 4E 77F6BEFC 72 Bytes [ 51, 6A, 02, 68, 18, AF, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + 97 77F6BF45 26 Bytes [ FF, 00, 00, 0D, 00, 00, 07, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + B2 77F6BF60 34 Bytes [ 75, 14, 8B, 76, 08, 8B, 06, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 4 77F6C1A0 13 Bytes [ 45, 0C, 66, 83, 38, 40, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 12 77F6C1AE 27 Bytes [ 43, 02, 00, 00, 68, 74, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 2E 77F6C1CA 59 Bytes [ FF, 55, 8B, EC, 81, EC, 64, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 6A 77F6C206 14 Bytes [ 00, 68, 05, 00, 00, 41, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 79 77F6C215 5 Bytes [ B5, A0, F6, FF, FF ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 27 77F6CCBC 93 Bytes [ 89, 45, FC, 8B, 45, 08, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 85 77F6CD1A 150 Bytes [ 75, 10, FF, 75, 0C, FF, 70, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 11C 77F6CDB1 23 Bytes [ FF, 51, 24, 8B, D8, 3B, DE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 134 77F6CDC9 68 Bytes [ FF, 51, 14, 85, C0, 8B, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 179 77F6CE0E 52 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueA + 2F 77F70059 193 Bytes [ 79, 6D, 46, 75, 6E, 63, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueA + 58 77F7011B 270 Bytes [ 77, 77, 82, FC, 77, 50, F4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 3F 77F7022A 28 Bytes [ 69, 6C, 44, 72, 61, 77, 42, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 5C 77F70247 22 Bytes [ 79, 6C, 65, 00, 90, 53, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 73 77F7025E 21 Bytes [ 90, 90, 53, 65, 74, 47, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 89 77F70274 14 Bytes [ 61, 64, 67, 65, 74, 50, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 98 77F70283 33 Bytes [ 47, 61, 64, 67, 65, 74, 4D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrA + 74 77F70374 216 Bytes [ 47, 65, 74, 47, 61, 64, 67, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrA + 14D 77F7044D 54 Bytes [ 90, 90, 90, 42, 75, 69, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrA + 184 77F70484 14 Bytes [ 41, 75, 74, 6F, 54, 72, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatW + D 77F70493 319 Bytes [ 61, 63, 68, 57, 6E, 64, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddBackslashA + 86 77F705D3 199 Bytes [ 61, 63, 68, 00, 90, 44, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 4E 77F7069B 17 Bytes [ 90, 44, 6E, 73, 4E, 61, 6D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 60 77F706AD 251 Bytes [ 90, 90, 90, 44, 6E, 73, 4E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 3 77F707A9 632 Bytes [ 49, 50, 72, 6F, 6D, 70, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 27C 77F70A22 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 27E 77F70A24 5 Bytes [ E0, 83, FC, 77, 82 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 284 77F70A2A 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 286 77F70A2C 5 Bytes [ 74, 7E, FC, 77, 83 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + 14 77F710B7 23 Bytes [ 00, 65, 00, 41, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + 2C 77F710CF 61 Bytes [ 75, 14, 68, FF, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + 6A 77F7110D 138 Bytes [ 33, DB, 8B, 7D, 14, 85, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + F5 77F71198 20 Bytes [ 80, 38, 00, 0F, 84, D1, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + 10A 77F711AD 63 Bytes [ 15, AC, 10, F6, 77, 8B, F0, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette 77F71940 111 Bytes [ B8, 08, D2, FC, 77, EB, D7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette + 70 77F719B0 119 Bytes [ 14, 8B, 75, 08, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette + E8 77F71A28 44 Bytes [ 2E, 00, 73, 00, 63, 00, 72, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette + 115 77F71A55 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette + 118 77F71A58 115 Bytes [ 2E, 00, 65, 00, 78, 00, 65, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2W + DC 77F72596 2 Bytes [ B4, 9C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2W + E0 77F7259A 16 Bytes [ 6A, 00, 68, AC, 15, F7, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2W + F1 77F725AB 3 Bytes [ C3, 2A, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2W + F5 77F725AF 119 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrW + 14 77F72627 7 Bytes [ 89, 75, C0, 89, 4D, CC, AB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrW + 1C 77F7262F 50 Bytes [ 4D, D4, 89, 4D, D8, 89, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrW + 4F 77F72662 13 Bytes [ 7D, 81, E2, FF, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrW + 5E 77F72671 123 Bytes [ 33, DB, 3B, C1, 0F, 85, A8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + 59 77F726ED 6 Bytes [ 85, FF, 74, 7A, E9, 88 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + 60 77F726F4 50 Bytes [ 00, 00, 57, FF, 15, 70, 13, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + 93 77F72727 1 Byte [ FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + 95 77F72729 33 Bytes [ BB, 88, D3, FC, 77, 53, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + B7 77F7274B 3 Bytes [ 89, 3E, 53 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecW + 21 77F72847 18 Bytes [ C0, 59, 0F, 84, FD, 5A, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecW + 34 77F7285A 104 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecW + 9D 77F728C3 67 Bytes [ 77, 31, 9B, F6, 77, 40, AA, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecW + E1 77F72907 112 Bytes [ C3, 46, 00, 6F, 00, 6C, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 1A 77F72978 68 Bytes [ 00, 00, 00, 3B, F3, 74, 7F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 5F 77F729BD 9 Bytes [ 21, 8B, 35, 04, 11, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 69 77F729C7 18 Bytes [ FC, FF, FF, 50, 6A, 0A, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 7C 77F729DA 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 7E 77F729DC 44 Bytes [ 57, FF, D6, 8D, 85, FC, FB, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + 54 77F72F3B 70 Bytes [ 00, 30, 21, F7, 77, 28, 21, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + 9C 77F72F83 5 Bytes [ 00, CC, 21, F7, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + A2 77F72F89 64 Bytes [ 00, 00, 00, 10, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + E3 77F72FCA 28 Bytes [ 00, 00, A4, 20, F7, 77, 8C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + 101 77F72FE8 53 Bytes [ 64, 20, F7, 77, 00, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 1D 77F7387A 100 Bytes [ 66, 8B, 06, 66, 3B, C7, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 82 77F738DF 27 Bytes [ 85, C0, 7C, 17, 57, 6A, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 9E 77F738FB 182 Bytes [ 75, E4, 8B, 03, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 155 77F739B2 27 Bytes [ 65, 00, 78, 00, 65, 00, 63, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 171 77F739CE 1 Byte [ 65 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + 11 77F73CA4 57 Bytes [ 72, 00, 00, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + 4C 77F73CDF 76 Bytes [ 89, 45, FC, EB, 2F, 6A, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + 99 77F73D2C 20 Bytes [ 63, 00, 00, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + AE 77F73D41 22 Bytes [ 74, 03, 83, 0F, FF, 8B, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + C5 77F73D58 58 Bytes [ FF, 66, 83, 38, 00, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetArgsW + 35 77F74206 21 Bytes [ 00, 00, 85, C0, 0F, 84, D5, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 11 77F7421C 65 Bytes [ 55, 8B, EC, 81, EC, 0C, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 53 77F7425E 12 Bytes [ 4D, FC, F7, D8, 1B, C0, 5F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 60 77F7426B 19 Bytes [ FF, C9, C2, 04, 00, 56, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 74 77F7427F 14 Bytes [ 90, 90, 90, 90, 90, B8, 80, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 83 77F7428E 47 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + 86 77F74392 92 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + E3 77F743EF 70 Bytes [ D2, FC, 77, 8D, 85, EC, FD, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + 12A 77F74436 45 Bytes [ FF, 50, 6A, 01, FF, B5, F0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + 158 77F74464 25 Bytes [ A1, 80, D2, FC, 77, 89, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + 172 77F7447E 1 Byte [ 75 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrA + 58 77F74F3E 177 Bytes [ C7, 45, FC, 02, 00, 07, 80, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueW + 73 77F74FF0 225 Bytes CALL 586F4730
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegEnumUSKeyW + 71 77F750D2 33 Bytes [ FF, 75, 24, FF, 75, 20, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + 5 77F750FD 5 Bytes [ 51, 51, 83, 7D, 08 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + B 77F75103 26 Bytes [ 57, BF, 57, 00, 07, 80, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + 26 77F7511E 10 Bytes [ 28, 50, BE, 14, 77, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + 31 77F75129 82 Bytes [ 00, 00, 8B, F8, 85, FF, 7C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + 84 77F7517C 12 Bytes [ 75, 1C, FF, 75, 08, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + 4 77F75192 16 Bytes [ 45, 28, 8B, 08, 50, FF, 51, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + 15 77F751A3 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + 1B 77F751A9 151 Bytes [ FF, 55, 8B, EC, A1, 00, D8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + B3 77F75241 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + BA 77F75248 118 Bytes [ 55, 8B, EC, 81, EC, 1C, 02, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + 18 77F75303 108 Bytes [ C9, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + 85 77F75370 20 Bytes [ 89, 48, 08, 89, 48, 14, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + 9A 77F75385 88 Bytes [ 48, 30, 89, 48, 34, 5E, 5D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + F3 77F753DE 53 Bytes [ 83, 61, 08, 00, 83, 61, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + 129 77F75414 7 Bytes [ FF, 55, 8B, EC, 53, 56, 57 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW 77F758A5 61 Bytes [ 6A, 00, 6A, 23, 6A, 3F, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW + 4D 77F758F2 13 Bytes [ 83, 7D, FC, 00, 0F, 84, 4E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW + 6F 77F75914 29 Bytes [ 33, C0, 40, EB, C6, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW + 8D 77F75932 26 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW + A8 77F7594D 61 Bytes CALL 387C6859
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 1C 77F7668C 5 Bytes [ 00, 00, 00, 00, 26 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 22 77F76692 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 31 77F766A1 36 Bytes [ 56, 57, 58, 00, 13, 59, 59, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 58 77F766C8 65 Bytes [ 00, 00, 5F, 00, 60, 06, 44, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 9B 77F7670B 255 Bytes [ 00, 00, 00, 00, 7B, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCanonicalizeA + 33 77F76858 153 Bytes [ 00, 00, 00, 00, 71, CA, CB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + 57 77F768F2 12 Bytes [ 3F, FC, FF, FF, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + 64 77F768FF 28 Bytes [ 00, 40, D7, FF, FF, FB, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + 81 77F7691C 22 Bytes [ 9F, 19, FF, FF, FF, CF, 3F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + 98 77F76933 13 Bytes [ 00, FF, 07, 07, 00, FE, 07, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + A6 77F76941 8 Bytes [ 7F, 2F, 00, E0, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 12 77F76A47 45 Bytes [ 00, 00, 00, 04, 00, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 40 77F76A75 10 Bytes [ 00, D0, FF, 0E, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 4B 77F76A80 1 Byte [ 3C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 4D 77F76A82 1 Byte [ 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 4F 77F76A84 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 5 77F76F99 46 Bytes [ 30, 8B, 45, 0C, 89, 45, D4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 34 77F76FC8 3 Bytes [ 8D, FD, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 3A 77F76FCE 1 Byte [ 14 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 46 77F76FDA 84 Bytes [ 8B, 45, 08, 85, C0, 56, BE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 9B 77F7702F 7 Bytes [ 3F, 00, 75, 13, 83, 7E, 40 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetMenuPosFromID + 32 77F772EB 6 Bytes [ 90, 42, 00, 61, 00, 67 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetMenuPosFromID + 39 77F772F2 1 Byte [ 73 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetMenuPosFromID + 3B 77F772F4 58 Bytes [ 5C, 00, 41, 00, 6C, 00, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetMenuPosFromID + 76 77F7732F 119 Bytes [ 55, 8B, EC, 81, EC, 5C, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 21 77F773C7 22 Bytes CALL 77F8185F C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 38 77F773DE 29 Bytes [ 15, 70, D1, FC, 77, 8B, F0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 56 77F773FC 23 Bytes [ FF, FF, FF, B5, 74, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 6E 77F77414 21 Bytes [ 0F, 84, 55, F7, 01, 00, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 85 77F7742B 4 Bytes [ FF, 8B, 08, 50 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + B 77F77692 31 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + 2B 77F776B2 21 Bytes [ 85, C8, FB, FF, FF, 8B, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + 41 77F776C8 11 Bytes [ 20, 85, DE, 57, 8B, 7D, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + 4D 77F776D4 5 Bytes [ FF, 74, 0A, F7, C3 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + 55 77F776DC 8 Bytes [ 04, 74, 02, 33, DE, 8D, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 3B 77F7772A 20 Bytes [ 81, A5, C8, FB, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 50 77F7773F 17 Bytes [ B5, 90, FE, FF, FF, 8D, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 62 77F77751 42 Bytes [ FF, B5, 1C, FF, FF, FF, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 8D 77F7777C 120 Bytes [ 50, 8D, 85, A4, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 10B 77F777FA 69 Bytes [ 8B, 4D, FC, 5F, 8B, C6, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + D 77F77CCD 35 Bytes [ 50, 68, 01, 00, 00, 80, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + 6B 77F77D2B 14 Bytes [ FF, 51, 6A, 00, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + 7A 77F77D3A 48 Bytes [ FF, FF, FF, A0, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + B3 77F77D73 26 Bytes [ F8, 85, FF, 7C, 2A, 68, B4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + CE 77F77D8E 82 Bytes [ 8D, 85, 5C, FF, FF, FF, 50, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyA + 131 77F78642 41 Bytes [ 8B, 45, FC, 89, 45, 08, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyA + 18C 77F7869D 83 Bytes [ 7D, 14, 33, C9, 51, 51, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + 12 77F786F1 18 Bytes [ 55, 8B, EC, 81, EC, 18, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + 25 77F78704 70 Bytes [ 8B, 75, 10, 57, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + 6C 77F7874B 114 Bytes [ FF, 0F, 84, 1B, 07, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + E0 77F787BF 44 Bytes [ 00, 80, 83, BD, F8, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + 10D 77F787EC 27 Bytes [ B3, 10, 01, 00, 00, 8D, 43, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueW + 7 77F78A92 33 Bytes [ FF, FF, 85, C0, 0F, 85, 1E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueW + 29 77F78AB4 162 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorRGBToHLS + 80 77F78B57 21 Bytes [ 10, F6, 77, 8B, 45, FC, 5F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorRGBToHLS + 96 77F78B6D 104 Bytes [ EC, 83, EC, 50, A1, 80, D2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + 54 77F78BD6 51 Bytes [ 45, 08, 8B, 08, 0F, 84, F3, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + 88 77F78C0A 71 Bytes [ 08, 57, FF, 76, 04, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + D0 77F78C52 7 Bytes [ FF, 75, 0C, FF, 75, 08, 68 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + 10A 77F78C8C 26 Bytes [ 75, 08, FF, 35, 78, D6, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + 125 77F78CA7 28 Bytes [ 80, 5D, C2, 04, 00, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCA + 1B 77F78F50 36 Bytes [ A1, 80, D2, FC, 77, 57, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCA + 40 77F78F75 8 Bytes [ 00, 00, FF, 15, EC, 13, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCA + 49 77F78F7E 8 Bytes [ 4D, FC, 33, C0, 83, BD, 78, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCA + 52 77F78F87 170 Bytes [ FF, 02, 5F, 0F, 94, C0, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeA + 47 77F79032 5 Bytes [ 0F, 87, 00, C9, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeA + 92 77F7907D 34 Bytes [ 00, 50, 56, FF, 75, 10, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeA + B7 77F790A2 36 Bytes [ EB, F8, 25, 00, 64, 00, 78, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeA + DC 77F790C7 91 Bytes [ 85, C0, 0F, 84, C9, D7, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAppendA + 27 77F79123 25 Bytes [ D6, 3B, C3, A3, 8C, D8, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAppendA + 41 77F7913D 71 Bytes [ D8, FC, 77, 0F, 84, 17, D7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineA + 45 77F79185 20 Bytes [ 68, D0, 81, F7, 77, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineA + 5A 77F7919A 193 Bytes [ 68, BC, 81, F7, 77, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineA + 11C 77F7925C 57 Bytes [ 74, 2E, 8B, 75, 10, 85, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + 37 77F79298 6 Bytes [ 8B, FF, 55, 8B, EC, 81 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + 3E 77F7929F 130 Bytes [ 10, 02, 00, 00, A1, 80, D2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + C1 77F79322 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + C4 77F79325 34 Bytes [ C0, 7C, 22, 53, 68, 74, 7E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + E7 77F79348 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 17 77F7A1BD 7 Bytes [ FF, D3, 8D, 85, F8, FE, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 1F 77F7A1C5 5 Bytes [ 50, E8, 82, 73, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 25 77F7A1CB 11 Bytes [ 85, C0, 89, 85, EC, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 31 77F7A1D7 1 Byte [ FC ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 33 77F7A1D9 19 Bytes [ 2B, F8, FF, 15, 6C, 14, F6, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringW + 7A 77F7A808 4 Bytes [ 75, 08, E8, 09 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringW + 7F 77F7A80D 39 Bytes [ 00, 00, 5D, C2, 10, 00, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringW + A7 77F7A835 80 Bytes [ 75, 08, 89, 45, FC, 8B, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 34 77F7A886 21 Bytes [ 47, 83, 7D, E4, FF, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 5B 77F7A8AD 42 Bytes [ 06, 2D, 00, 46, 46, FF, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 139 77F7A98B 11 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 145 77F7A997 22 Bytes [ 8B, 4D, 08, C7, 00, 9C, 96, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 15C 77F7A9AE 6 Bytes [ 89, 48, 0C, 5D, C2, 04 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 55 77F7AA27 16 Bytes [ 10, 8B, F8, 8B, 06, 56, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 66 77F7AA38 39 Bytes [ 33, F6, EB, C6, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 8E 77F7AA60 116 Bytes [ F8, 7F, 23, DE, BA, 05, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 103 77F7AAD5 10 Bytes [ 75, 08, 6A, 05, FF, 71, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 10E 77F7AAE0 7 Bytes [ 48, 01, 00, 00, E9, 79, 1C ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW 77F7AAED 63 Bytes [ 90, 8B, FF, 55, 8B, EC, 81, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW + 4C 77F7AB39 4 Bytes [ 02, 00, E9, 44 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW + 51 77F7AB3E 25 Bytes [ FF, FF, 56, 51, 56, 53, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW + 6B 77F7AB58 30 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW + 8C 77F7AB79 46 Bytes [ 5D, C2, 04, 00, 90, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + 33 77F7AE8C 14 Bytes [ 52, 00, 55, 00, 00, 00, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + 42 77F7AE9B 11 Bytes [ EC, 51, 8D, 45, FC, 50, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + 4E 77F7AEA7 111 Bytes [ 68, CC, 9E, F7, 77, 6A, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + BE 77F7AF17 45 Bytes [ 51, 89, 45, FC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + EC 77F7AF45 38 Bytes [ B5, EC, FD, FF, FF, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 11 77F7B095 57 Bytes [ 10, 00, 00, 3B, F7, 76, 35, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 4C 77F7B0D0 34 Bytes [ 00, 8B, 75, 10, 85, F6, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 6F 77F7B0F3 215 Bytes [ 73, 08, FF, 15, 94, 13, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 147 77F7B1CB 173 Bytes [ FF, 3B, C6, 7C, 6A, 53, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 1F6 77F7B27A 56 Bytes [ 74, 4F, F6, 45, 10, 01, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 16 77F7B684 25 Bytes [ 85, C0, 0F, 85, AE, DE, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 30 77F7B69E 4 Bytes JMP 77F905F5 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 35 77F7B6A3 24 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 61 77F7B6CF 15 Bytes [ 00, 00, 0F, B7, C0, 5E, C9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 71 77F7B6DF 22 Bytes [ FF, 55, 8B, EC, 81, EC, 34, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExW + 7E 77F7BBAE 65 Bytes [ F7, 77, C3, AC, F7, 77, 33, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExW + C0 77F7BBF0 22 Bytes [ A1, 80, D2, FC, 77, 53, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExW + D7 77F7BC07 9 Bytes [ 68, 04, 01, 00, 00, 8D, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 55 77F7BC71 10 Bytes [ FF, 55, 8B, EC, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 60 77F7BC7C 41 Bytes [ 75, 08, 68, A4, AC, F7, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 8A 77F7BCA6 102 Bytes [ 70, 00, 70, 00, 6C, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 103 77F7BD1F 7 Bytes [ FF, FF, F7, DA, E9, 8C, 02 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 10B 77F7BD27 3 Bytes [ FF, 41, 41 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentW + 1B 77F7BEF4 65 Bytes [ 55, 8B, EC, 56, 57, 6A, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + 15 77F7BF36 18 Bytes [ C6, 5F, 5E, 5D, C2, 18, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + 28 77F7BF49 36 Bytes [ 85, ED, E2, FE, FF, 66, 39, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + 4D 77F7BF6E 47 Bytes [ 3B, CA, 0F, 84, E2, E2, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + 7D 77F7BF9E 35 Bytes [ 56, 00, 61, 00, 72, 00, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + A1 77F7BFC2 1 Byte [ 61 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeW + 8C 77F7C272 14 Bytes [ 56, 8B, F1, 8B, 46, 08, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeW + 9B 77F7C281 24 Bytes [ 75, 08, 6A, 40, FF, 15, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 14 77F7C29B 1 Byte [ 04 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 16 77F7C29D 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 1D 77F7C2A4 24 Bytes [ 55, 8B, EC, 8B, 45, 14, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 36 77F7C2BD 40 Bytes [ 89, 41, 14, 8B, 4D, 18, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 5F 77F7C2E6 113 Bytes [ 10, 00, 00, 50, 8B, CB, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 17 77F7C358 26 Bytes [ 8B, 45, 14, 85, C0, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 32 77F7C373 11 Bytes [ 76, 1C, FF, 15, 00, 10, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 3F 77F7C380 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 5B 77F7C39C 38 Bytes [ 8B, 4E, 08, 52, 51, 8D, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 82 77F7C3C3 70 Bytes [ 15, 74, 14, F6, 77, 83, F8, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW 77F7C4AB 6 Bytes [ 90, 90, 8B, FF, 55, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW + 7 77F7C4B2 40 Bytes [ FF, 75, 10, FF, 75, 0C, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW + 31 77F7C4DC 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW + 35 77F7C4E0 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW + 38 77F7C4E3 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathW + A 77F7D3BC 26 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathW + 25 77F7D3D7 55 Bytes [ 77, 89, 45, FC, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathW + 5D 77F7D40F 14 Bytes [ 77, 6A, 01, 8B, CE, E8, 24, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathW + 6C 77F7D41E 129 Bytes [ 75, 10, 8B, 46, 38, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueA + 11 77F7D4A0 11 Bytes [ C6, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueA + 1D 77F7D4AC 33 Bytes [ FF, 55, 8B, EC, 81, EC, 9C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueA + 3F 77F7D4CE 65 Bytes [ 00, 8B, 55, 0C, 85, D2, 7F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueA + 81 77F7D510 74 Bytes [ FF, FF, 83, BD, 68, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumValueW + B 77F7D55C 64 Bytes CALL D1CA086B
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumValueW + 79 77F7D5CA 51 Bytes [ FF, FF, 50, 8B, 85, 68, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumValueW + AD 77F7D5FE 6 Bytes [ 4D, FC, 8B, 85, 64, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumValueW + BA 77F7D60B 256 Bytes [ C9, C2, 10, 00, 90, 03, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + CD 77F7D70C 127 Bytes [ 79, FE, FF, C9, C3, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + 14D 77F7D78C 62 Bytes [ 33, ED, 8B, 44, 24, 14, 0B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + 18C 77F7D7CB 104 Bytes [ C8, 8B, C6, F7, 64, 24, 18, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + 1FF 77F7D83E 37 Bytes [ 8D, 45, F0, 89, 45, 98, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + 229 77F7D868 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + E5 77F7F05A 357 Bytes [ 43, 61, 63, 68, 65, 45, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + 24B 77F7F1C0 72 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + 294 77F7F209 446 Bytes [ 79, 73, 74, 65, 6D, 54, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + 453 77F7F3C8 41 Bytes [ 49, 6E, 69, 74, 69, 61, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + 47D 77F7F3F2 149 Bytes [ 90, 90, 49, 6E, 74, 65, 72, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeW 77F7F4FC 323 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeW + 144 77F7F640 132 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCanonicalizeW + 84 77F7F6C5 203 Bytes [ 90, 90, 90, 49, 6E, 74, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 48 77F7F791 449 Bytes [ 6E, 64, 52, 65, 71, 75, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 20B 77F7F954 17 Bytes [ 46, 74, 70, 46, 69, 6E, 64, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 21D 77F7F966 15 Bytes [ 90, 90, 46, 74, 70, 44, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 22D 77F7F976 88 Bytes [ 00, 90, 46, 74, 70, 44, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 286 77F7F9CF 25 Bytes [ 90, 46, 69, 6E, 64, 4E, 65, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + 12 77F7FC93 41 Bytes [ 08, 50, FF, 51, 08, 39, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + 3C 77F7FCBD 122 Bytes [ F1, 89, 46, 10, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + B7 77F7FD38 59 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + F3 77F7FD74 30 Bytes [ 71, 14, FF, 75, 08, FF, 71, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + 113 77F7FD94 52 Bytes [ B5, ED, F7, 77, F9, EE, F7, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 38 77F801D8 37 Bytes [ FF, 8B, D8, 66, 8B, 03, 66, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 5E 77F801FE 13 Bytes [ 00, 83, F8, 02, 0F, 85, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 6C 77F8020C 3 Bytes [ DE, 54, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 72 77F80212 26 Bytes [ 74, 07, 81, 4F, 24, 00, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 8D 77F8022D 7 Bytes [ 53, 8B, CE, E8, B9, 54, FF ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + 17 77F80A7C 20 Bytes [ E0, 53, 33, DB, 6A, 02, 43, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + 2C 77F80A91 157 Bytes CALL 7CE0508C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + CA 77F80B2F 30 Bytes JMP AA7D1A35
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + E9 77F80B4E 13 Bytes CALL 77F80954 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + F7 77F80B5C 11 Bytes [ E0, 85, C0, 74, 05, 8B, 4D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 7 77F80C93 81 Bytes [ 7D, 10, 85, FF, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 59 77F80CE5 7 Bytes [ 75, 14, 57, E8, F9, 96, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 61 77F80CED 4 Bytes [ 83, C4, 10, 5E ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 66 77F80CF2 29 Bytes [ 4D, FC, 8B, C7, 5F, E8, 24, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 84 77F80D10 48 Bytes [ 00, 8B, 44, 24, 1C, 0B, C0, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionA + 7 77F80FB5 157 Bytes [ 0C, 50, 89, 3E, 66, 89, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyW + 61 77F81054 17 Bytes [ 3D, 01, 00, 00, 80, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 64 77F810BD 21 Bytes [ 15, 38, 14, F6, 77, A3, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 7A 77F810D3 192 Bytes [ 66, A1, 78, D9, FC, 77, E9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 158 77F811B1 56 Bytes [ 45, 08, 85, C0, 74, 17, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 191 77F811EA 17 Bytes [ 6E, 00, 64, 00, 69, 00, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 1A3 77F811FC 26 Bytes [ 49, 00, 44, 00, 00, 00, 33, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 16 77F8143E 24 Bytes [ 50, 8D, 85, F4, EF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 2F 77F81457 4 Bytes [ 85, C0, 75, 57 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 34 77F8145C 22 Bytes [ 85, F8, EF, FF, FF, 50, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 4C 77F81474 15 Bytes CALL 77F8158C C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 5C 77F81484 17 Bytes [ 50, 8D, 85, F4, EF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 4 77F815D3 55 Bytes [ 3D, 88, 14, F6, 77, C7, 06, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 3C 77F8160B 60 Bytes [ 55, 8B, EC, 56, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 7B 77F8164A 4 Bytes [ 10, 8B, 46, 2C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 81 77F81650 17 Bytes [ 0C, 8B, 08, FF, 75, 08, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 95 77F81664 58 Bytes [ B8, D4, D0, FC, 77, E9, 31, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + B 77F81A40 67 Bytes [ 85, C0, 0F, 84, 85, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + 4F 77F81A84 5 Bytes [ 15, B0, 11, F6, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + 55 77F81A8A 16 Bytes [ C0, 74, 0A, 80, 7D, EE, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + 70 77F81AA5 4 Bytes [ 4D, FC, 5F, 5E ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + 76 77F81AAB 1 Byte [ 35 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + 65 77F81F22 6 Bytes [ 89, BD, EC, FD, FF, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + 6C 77F81F29 2 Bytes [ 3B, F9 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + 70 77F81F2D 31 Bytes [ 3B, C6, 89, 85, E0, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + 90 77F81F4D 49 Bytes CALL 77F81F4F C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + C2 77F81F7F 126 Bytes CALL 77F81EC8 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 2 77F825A9 23 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 1A 77F825C1 3 Bytes [ 74, 31, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 1E 77F825C5 69 Bytes [ 66, 8B, 00, 5E, C3, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 64 77F8260B 50 Bytes [ 33, C0, 40, C3, 33, C0, E9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 97 77F8263E 10 Bytes [ 83, 7D, 1C, 00, 0F, 84, 48, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + 6E 77F82ECC 56 Bytes [ 75, 08, 89, 45, FC, 57, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + A7 77F82F05 16 Bytes CALL 77F82D47 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + B8 77F82F16 53 Bytes [ F8, 09, 0F, 94, C1, 51, 57, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + EE 77F82F4C 17 Bytes [ FF, 8B, F0, 85, F6, 0F, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + 100 77F82F5E 9 Bytes [ 90, 90, 3A, 00, 2F, 00, 2F, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + 26 77F82F9B 22 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + 3D 77F82FB2 4 Bytes [ 5E, 5D, C2, 04 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + 42 77F82FB7 159 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + E2 77F83057 4 Bytes [ EB, 65, 90, 90 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + E9 77F8305E 34 Bytes [ 8B, FF, 55, 8B, EC, 51, 51, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + B 77F830AC 61 Bytes [ 66, 83, 3E, 08, 0F, 84, E0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + 49 77F830EA 44 Bytes CALL 77F82F97 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + 76 77F83117 93 Bytes [ FF, FF, 8B, 46, 1C, 85, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + D4 77F83175 55 Bytes CALL 77F8041C C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + 14C 77F831ED 5 Bytes [ 57, E8, 7C, 4C, FE ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsOpaqueW + 19 77F8322B 63 Bytes [ 6A, 02, 59, 2B, C1, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsOpaqueW + 59 77F8326B 34 Bytes [ FF, B5, 1C, FD, FF, FF, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + 1C 77F832A8 11 Bytes JMP 77F80863 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + 28 77F832B4 50 Bytes [ 55, 8B, EC, 81, EC, 98, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + 88 77F83314 4 Bytes [ 8C, ED, 23, 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + 8D 77F83319 44 Bytes [ 68, 60, 1F, F8, 77, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + BB 77F83347 4 Bytes CALL 77F82FBB C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + 6 77F835FF 24 Bytes [ FF, 55, 8B, EC, 8D, 45, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + 20 77F83619 36 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + 45 77F8363E 43 Bytes [ 75, 08, 50, FF, 75, 0C, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + 71 77F8366A 71 Bytes [ EC, 0F, B7, 4D, 08, 8B, C1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + BB 77F836B4 71 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!HashData + 82 77F838C4 310 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + 2E 77F839FB 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + 39 77F83A06 60 Bytes [ 75, 0C, 68, 4D, 2A, F8, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + 76 77F83A43 135 Bytes [ 25, 10, 15, F6, 77, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + FE 77F83ACB 50 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + 131 77F83AFE 17 Bytes [ 41, 41, 66, 8B, 01, 66, 85, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + 2 77F84276 14 Bytes [ 51, 08, 8B, C6, 5E, 5D, C2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + 11 77F84285 168 Bytes [ EB, F1, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + BC 77F84330 15 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + CC 77F84340 239 Bytes [ 84, C7, CE, 00, 00, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + 1BC 77F84430 35 Bytes [ 15, 38, 14, F6, 77, 33, C9, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIA + 5B2 77F8CA80 541 Bytes [ 94, 94, 94, 94, 94, 94, B7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesW + 1AC 77F8CC9E 1 Byte [ 6A ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesW + 1AE 77F8CCA0 408 Bytes [ 8F, 8F, 8F, 8F, 8F, 8F, AB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatW + E4 77F8CE39 565 Bytes [ 53, 75, 75, 75, 16, 16, 16, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 15A 77F8D06F 62 Bytes [ FD, F9, F9, F9, 41, 41, 41, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 199 77F8D0AE 71 Bytes [ CC, CC, 26, 26, 26, 47, 47, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 1E1 77F8D0F6 752 Bytes [ 47, 47, 47, 47, 6A, 6A, 6A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 4D2 77F8D3E7 399 Bytes [ C3, C3, C3, C3, 1B, F4, F4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 662 77F8D577 20 Bytes [ EC, 81, EC, 38, 02, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + 5B 77FA12DF 87 Bytes [ 90, 43, 65, 72, 74, 43, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + B4 77FA1338 43 Bytes [ 40, 01, 00, 00, B1, 83, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + E0 77FA1364 25 Bytes [ E0, 83, FC, 77, 49, 01, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + FA 77FA137E 9 Bytes [ FC, 77, 50, 01, 00, 00, B1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + 104 77FA1388 52 Bytes [ 51, 01, 00, 00, E0, 83, FC, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCopyKeyA + 10 77FA1604 151 Bytes [ 7C, 7E, FC, 77, CC, 08, FA, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCopyKeyA + A8 77FA169C 445 Bytes [ 7C, 7E, FC, 77, 44, 07, FA, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCopyKeyW 77FA185A 22 Bytes [ 90, 90, 43, 41, 45, 6E, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCopyKeyW + 17 77FA1871 144 Bytes [ 6D, 43, 65, 72, 74, 54, 79, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteEmptyKeyW + 1D 77FA1902 17 Bytes [ 00, 00, 7C, 7E, FC, 77, DB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteEmptyKeyW + 2F 77FA1914 7 Bytes [ 74, 7E, FC, 77, 38, 09, FA ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteEmptyKeyW + 37 77FA191C 282 Bytes [ D4, 79, FC, 77, 28, 09, FA, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryInfoKeyA + 9D 77FA1A37 92 Bytes [ 77, 34, 0B, FA, 77, E0, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryInfoKeyA + FA 77FA1A94 89 Bytes [ 53, 64, 62, 52, 65, 61, 64, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteUSValueA + 57 77FA1AEE 15 Bytes [ 69, 6F, 6E, 00, 90, 90, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteUSValueA + 67 77FA1AFE 90 Bytes [ 61, 62, 61, 73, 65, 00, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteUSValueW + 19 77FA1B59 45 Bytes [ 65, 63, 6B, 53, 68, 65, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteUSValueW + 47 77FA1B87 79 Bytes [ 77, 52, 75, 6E, 53, 65, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 34 77FA1BD7 95 Bytes [ 77, E0, 10, FA, 77, E0, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 94 77FA1C37 304 Bytes [ 77, F8, 0F, FA, 77, F8, 72, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegEnumUSValueA + 31 77FA1D68 66 Bytes [ 50, 6F, 6C, 69, 63, 79, 49, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegEnumUSValueA + 74 77FA1DAB 170 Bytes [ 90, 53, 61, 66, 65, 72, 47, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegEnumUSValueW + 7F 77FA1E56 122 Bytes [ 65, 45, 78, 57, 00, 90, 52, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 5A 77FA1ED1 42 Bytes [ 65, 72, 79, 49, 6E, 66, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 85 77FA1EFC 13 Bytes [ 52, 65, 67, 4F, 70, 65, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathW + A 77FA1F0A 79 Bytes [ 90, 90, 52, 65, 67, 4F, 70, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathW + 5A 77FA1F5A 48 Bytes [ 90, 90, 52, 65, 67, 44, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathW + 8C 77FA1F8C 46 Bytes [ 52, 65, 67, 43, 72, 65, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathA + 2D 77FA1FBB 48 Bytes [ 90, 4F, 70, 65, 6E, 54, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathA + 5E 77FA1FEC 165 Bytes [ 65, 67, 65, 56, 61, 6C, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 25 77FA2092 239 Bytes [ 72, 63, 65, 00, 90, 90, 43, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 115 77FA2182 48 Bytes [ 00, 00, 6D, 85, FC, 77, 0D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 146 77FA21B3 27 Bytes [ 00, C0, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 164 77FA21D1 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 17C 77FA21E9 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathA + 13 77FA22E7 72 Bytes [ 99, F7, F9, 50, EB, 25, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 2F 77FA2330 13 Bytes [ 75, 08, FF, 35, 60, D4, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 3D 77FA233E 37 Bytes [ 5D, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 63 77FA2364 12 Bytes [ 07, 80, EB, 30, 56, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 70 77FA2371 24 Bytes [ 75, 10, 8D, 70, FF, 56, 57, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 89 77FA238A 98 Bytes [ 07, EB, 09, BB, 7A, 00, 07, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + 37 77FA2756 102 Bytes [ FF, 6A, 40, FF, 15, 84, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + 9E 77FA27BD 17 Bytes [ FF, 15, 40, 10, F6, 77, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + B0 77FA27CF 5 Bytes [ 8D, 85, F8, FE, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + B6 77FA27D5 4 Bytes [ FF, B5, E8, FD ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + BB 77FA27DA 177 Bytes [ FF, FF, B5, CC, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrIA + B 77FA44DA 8 Bytes [ 8D, 85, F0, FA, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrIA + 14 77FA44E3 37 Bytes [ F8, FA, FF, FF, 50, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrIA + 3A 77FA4509 61 Bytes [ 41, 18, 33, D2, F7, 71, 1C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkA + 13 77FA4547 57 Bytes [ E2, FA, FF, FF, 50, 0F, B7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkA + 4D 77FA4581 54 Bytes [ 11, F6, 77, 50, 8D, 85, F8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExA + 34 77FA45B8 6 Bytes [ FA, FF, FF, 50, 0F, B7 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExA + 3B 77FA45BF 11 Bytes [ E6, FA, FF, FF, 50, 0F, B7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExA + 47 77FA45CB 57 Bytes [ 50, 0F, B7, 85, E0, FA, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntExA + 2 77FA4605 9 Bytes [ 50, FF, B5, F4, FA, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntExA + C 77FA460F 324 Bytes [ B5, F4, FA, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCSpnIA + 16 77FA4754 47 Bytes [ 6C, 75, 2C, 25, 6C, 75, 09, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCSpnIA + 46 77FA4784 62 Bytes [ 5C, 73, 68, 70, 65, 72, 66, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIA + 4C 77FA47D4 27 Bytes [ 81, A5, F4, FE, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIA + 68 77FA47F0 22 Bytes [ FF, A1, AC, D3, FC, 77, 39, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIA + 7F 77FA4807 96 Bytes [ CB, 23, 08, 66, F7, C1, 49, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNW + 4C 77FA4868 11 Bytes [ FF, FF, 89, 06, 8B, 45, 1C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNW + 58 77FA4874 7 Bytes [ 15, A4, 11, F6, 77, 84, DB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNW + 60 77FA487C 29 Bytes [ BD, F0, FE, FF, FF, 89, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + D 77FA489A 70 Bytes [ 51, FF, B5, F0, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + 54 77FA48E1 5 Bytes [ 57, FF, B5, F8, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + 5A 77FA48E7 4 Bytes [ FF, FF, 70, 60 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + 5F 77FA48EC 40 Bytes [ D1, A1, AC, D3, FC, 77, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + 88 77FA4915 108 Bytes [ 15, 57, FF, B5, F8, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimA + 2 77FA4982 40 Bytes [ 08, 00, 00, 00, A1, AC, D3, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimA + 2B 77FA49AB 61 Bytes [ 4D, FC, 8B, 85, EC, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimA + 69 77FA49E9 40 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimA + 92 77FA4A12 83 Bytes [ 56, 56, 68, 00, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 2D 77FA4A66 15 Bytes [ FF, 55, 8B, EC, 5D, E9, 25, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 3D 77FA4A76 57 Bytes [ FF, 55, 8B, EC, 81, EC, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 77 77FA4AB0 6 Bytes [ 75, 1C, 8D, 85, FC, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 7E 77FA4AB7 4 Bytes [ FF, FF, 75, 18 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 83 77FA4ABC 9 Bytes [ 75, 14, FF, 75, 10, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufA + 15 77FA4B06 1 Byte [ 48 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufA + 17 77FA4B08 56 Bytes [ 47, 48, 0F, 85, 60, 01, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufA + 50 77FA4B41 111 Bytes [ 15, F4, 17, F6, 77, A3, D0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHStrDupA + 41 77FA4BB1 28 Bytes [ 83, C4, 10, 33, DB, 53, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatChainW + 2 77FA4BCE 105 Bytes [ FF, A1, AC, D3, FC, 77, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrNIW + 1D 77FA4C38 73 Bytes [ 15, 68, 14, F6, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrIW + 23 77FA4C82 120 Bytes [ 00, 90, 53, 68, 65, 6C, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + E 77FA4CFB 39 Bytes [ 06, 83, 7D, 14, 08, 75, 32, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + 36 77FA4D23 62 Bytes [ 53, 53, 6A, 03, 6A, 01, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + 75 77FA4D62 69 Bytes [ 41, 20, EB, 0D, 33, D2, F7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + BB 77FA4DA8 6 Bytes [ 53, 61, 6D, 65, 25, 73 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + C2 77FA4DAF 42 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSize64A + 4 77FA4F73 69 Bytes [ 80, A4, 00, 00, 00, 89, 58, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeA + 4 77FA4FB9 9 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 5D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeA + E 77FA4FC3 42 Bytes [ C9, C2, 04, 00, 90, 25, 73, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeA + 39 77FA4FEE 29 Bytes [ 45, 08, 8B, 0D, AC, D3, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeA + 57 77FA500C 50 Bytes [ 00, A1, 80, D2, FC, 77, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + 2F 77FA5040 8 Bytes [ 75, 07, 6A, 01, E8, 88, EE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + 38 77FA5049 80 Bytes [ 56, FF, 75, 28, 68, 02, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + 89 77FA509A 16 Bytes [ 00, 00, 6A, 27, 8D, 45, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + 9A 77FA50AB 11 Bytes [ 18, F6, 77, A1, AC, D3, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + A6 77FA50B7 47 Bytes [ C0, 74, 12, 6A, 13, 57, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalA + 46 77FA5296 88 Bytes [ EB, FF, FF, 8B, F8, E8, D1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + 34 77FA52EF 174 Bytes [ 12, 56, 57, 6A, 42, 6A, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + E5 77FA53A0 38 Bytes [ 8D, 85, 24, FF, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + 119 77FA53D4 1 Byte [ 6A ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + 11B 77FA53D6 32 Bytes [ 6A, 03, 6A, 03, 8D, 85, 4C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + 13C 77FA53F7 2 Bytes [ 90, 41 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 4B 77FA60C8 3 Bytes [ 85, 7C, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 4F 77FA60CC 6 Bytes [ FF, 56, 50, E8, 8C, FC ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 56 77FA60D3 5 Bytes [ FF, 8D, 85, 7C, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 5C 77FA60D9 62 Bytes [ FF, 50, FF, 75, 0C, 57, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 9B 77FA6118 15 Bytes [ FF, 6A, 01, 8D, 45, 14, 50, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 2 77FA7018 19 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 16 77FA702C 5 Bytes [ 00, 00, 00, C0, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 1C 77FA7032 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 30 77FA7046 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 34 77FA704A 136 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayA + 19 77FA70D4 98 Bytes [ 0C, 8D, 45, FC, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayA + 7C 77FA7137 70 Bytes [ 8B, DE, 57, FF, 15, 88, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionA + 21 77FA717F 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionA + 25 77FA7183 4 Bytes [ EC, 51, 51, 53 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionA + 2A 77FA7188 321 Bytes [ 5D, 14, 56, 57, 8B, 7D, 18, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixA + 1E 77FA72CA 82 Bytes [ 15, 78, 14, F6, 77, 3B, C6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveFileSpecA + 11 77FA731D 114 Bytes [ 56, 68, 88, D3, FC, 77, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecA + 6 77FA7390 117 Bytes [ 00, 89, 45, E4, 53, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberA + 2 77FA7406 5 Bytes [ 75, D0, FF, D6, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberA + 8 77FA740C 113 Bytes [ D4, FF, D6, FF, 75, B4, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 2 77FA747E 31 Bytes [ 75, B4, FF, 75, B0, FF, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 23 77FA749F 38 Bytes CALL 4EA2AAA3
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 4A 77FA74C6 7 Bytes [ F8, 89, 44, 0D, D8, FF, D6 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 53 77FA74CF 1 Byte [ F4 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 55 77FA74D1 168 Bytes [ D6, 83, 45, FC, 04, 83, 7D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 2 77FA757A 34 Bytes [ FF, 66, 8C, 85, BC, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 25 77FA759D 12 Bytes [ 01, 00, 01, 00, 8B, 45, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 32 77FA75AA 19 Bytes [ 8D, 45, 04, 89, 85, EC, FD, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 46 77FA75BE 19 Bytes [ FF, 6A, 14, 59, 33, C0, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 5A 77FA75D2 41 Bytes [ 09, 04, 00, C0, 8B, 45, 04, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesA + 1D 77FA76AB 22 Bytes [ 57, 8B, F0, FF, 15, 00, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesA + 34 77FA76C2 4 Bytes [ 81, E6, FF, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesA + 39 77FA76C7 11 Bytes [ 00, 81, CE, 00, 00, 07, 80, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathQuoteSpacesA + 39 77FA7705 33 Bytes [ 75, 0C, FF, 75, 08, E8, B4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 7 77FA7727 24 Bytes [ D8, 85, DB, 74, 2A, 8D, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 20 77FA7740 3 Bytes [ 8B, F0, 85 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 24 77FA7744 16 Bytes [ 75, 07, 8B, 45, 14, 89, 18, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 35 77FA7755 20 Bytes [ 03, 6A, 0E, 5E, 85, F6, 7E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 4A 77FA776A 70 Bytes [ C6, 5E, 5B, C9, C2, 10, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecA + 2 77FA789A 95 Bytes [ 75, 0C, FF, 75, 08, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSkipRootA + 12 77FA78FA 77 Bytes CALL 77F82C98 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSkipRootA + 60 77FA7948 19 Bytes [ 00, 53, 6A, 40, 89, 5D, F4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSameRootA + F 77FA795C 10 Bytes [ 39, 7D, FC, 74, 1B, 8B, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSameRootA + 1A 77FA7967 53 Bytes [ 8B, F8, 8B, C1, C1, E9, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLA + 8 77FA799D 50 Bytes [ 3B, 08, 75, 13, 6A, 00, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 4 77FA79D0 16 Bytes [ FB, 8B, 5D, F4, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 15 77FA79E1 13 Bytes [ 20, 85, FF, 74, 51, 8D, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 23 77FA79EF 3 Bytes [ 8E, FE, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 27 77FA79F3 41 Bytes [ 39, 5D, 18, 89, 45, 20, 76, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 52 77FA7A1E 15 Bytes [ 75, 08, 39, 4D, 14, 75, 03, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + C 77FA7A58 158 Bytes [ F3, 74, 6B, 8B, 45, 0C, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + AC 77FA7AF8 160 Bytes [ 14, 53, 8B, 5D, 18, 56, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + 14D 77FA7B99 17 Bytes [ 85, B4, FE, FF, FF, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + 15F 77FA7BAB 40 Bytes [ FF, 8D, 85, BC, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + 189 77FA7BD5 1 Byte [ B0 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnmakeSystemFolderA + 1C 77FA7C57 184 Bytes [ B5, B4, FE, FF, FF, E8, 2C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 18 77FA7D10 78 Bytes CALL 77FA7775 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 67 77FA7D5F 34 Bytes [ 15, 88, 14, F6, 77, 33, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 8A 77FA7D82 252 Bytes [ 65, 49, 6E, 66, 6F, 5C, 30, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 187 77FA7E7F 6 Bytes [ 07, 80, 74, 41, 3B, FB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 18E 77FA7E86 52 Bytes [ 0C, 3B, D3, 75, 05, 39, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 1 77FA805E 78 Bytes [ 35, D8, 11, F6, 77, 57, 6A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 50 77FA80AD 7 Bytes [ 5D, C2, 08, 00, 33, C0, 40 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 63 77FA80C0 1 Byte [ 83 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 65 77FA80C2 51 Bytes [ 0C, 53, 56, 33, F6, 39, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 99 77FA80F6 60 Bytes [ D7, 8B, 75, F8, 3B, F0, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBlanksA + 33 77FA822B 25 Bytes [ D8, 8B, CB, 2B, 4D, 0C, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBlanksA + 4D 77FA8245 84 Bytes [ 85, C0, 74, 16, 80, 3F, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBackslashA + 45 77FA829A 14 Bytes [ 10, 00, 5F, EB, 02, 33, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBackslashA + 57 77FA82AC 9 Bytes [ 8B, FF, 55, 8B, EC, 33, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootA + 9 77FA82B6 9 Bytes [ 74, 27, 39, 45, 0C, 74, 22, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootA + 13 77FA82C0 5 Bytes [ 75, 08, FF, 75, 0C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootA + 19 77FA82C6 2 Bytes [ DD, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootA + 1D 77FA82CA 45 Bytes [ FF, 75, 08, 8B, F0, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsNetworkPathA + 19 77FA82F8 3 Bytes [ 04, 90, FC ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsNetworkPathA + 1D 77FA82FC 33 Bytes [ 85, C0, 75, 03, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathA + 7 77FA831E 76 Bytes [ C7, 8B, F7, 74, 29, 8A, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyA + 27 77FA836B 32 Bytes [ 38, 46, 01, 74, 0F, 88, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyA + 48 77FA838C 27 Bytes [ 55, 8B, EC, 8B, 45, 08, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyA + 64 77FA83A8 91 Bytes [ 15, EC, 17, F6, 77, 8A, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyA + C0 77FA8404 82 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + 4A 77FA8457 2 Bytes [ 55, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + 4D 77FA845A 34 Bytes [ 8B, 45, 08, EB, 0F, 80, 38, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + 70 77FA847D 25 Bytes [ FF, 55, 8B, EC, 56, 33, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + 8A 77FA8497 24 Bytes [ 74, 4D, 68, F0, 74, FA, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + A3 77FA84B0 29 Bytes [ 6A, 00, FF, 75, 08, 6A, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathA + 5D 77FA8722 13 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathA + 6B 77FA8730 2 Bytes [ 74, 28 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathA + 6E 77FA8733 1 Byte [ 5C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathA + D2 77FA8797 91 Bytes [ 00, 00, 3C, 3F, 74, 4E, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathParseIconLocationA + 57 77FA87F3 295 Bytes [ 00, 75, 91, 80, 3F, 00, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 109 77FA891B 91 Bytes [ F0, 85, F6, 74, 21, 46, EB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 165 77FA8977 145 Bytes [ 0C, 2B, F7, 40, 3B, F0, 7F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 1F7 77FA8A09 15 Bytes [ 51, 56, 50, 6A, 0E, 56, C7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 214 77FA8A26 66 Bytes [ FE, FF, FF, 50, FF, 15, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 257 77FA8A69 129 Bytes [ 3B, 48, 48, 74, 0E, 83, E8, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 27 77FA8FB1 16 Bytes [ 15, 6C, 14, F6, 77, 8B, D8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 38 77FA8FC2 32 Bytes [ 8D, 85, F8, FE, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 59 77FA8FE3 30 Bytes [ 15, EC, 11, F6, 77, EB, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 78 77FA9002 12 Bytes [ 55, 8B, EC, 6A, 00, 6A, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 85 77FA900F 2 Bytes [ FF, FF ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + 43 77FA913C 63 Bytes [ FF, 50, 8D, 85, D0, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + 83 77FA917C 24 Bytes [ 03, 33, FF, 47, FF, B5, F8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + 9C 77FA9195 3 Bytes [ 87, BE, FB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + A0 77FA9199 17 Bytes [ C9, C2, 08, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + B2 77FA91AB 50 Bytes [ 56, 57, 74, 3C, 83, 7D, 0C, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + 2 77FA9479 5 Bytes [ FF, FF, D7, 8B, 45 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + 8 77FA947F 49 Bytes [ 39, 85, E0, FE, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + 3A 77FA94B1 167 Bytes [ B5, F0, FE, FF, FF, 8D, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + E2 77FA9559 2 Bytes [ FF, 56 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + E5 77FA955C 4 Bytes [ B5, F0, FE, FF ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 29 77FAFE46 17 Bytes [ B5, 80, F3, FF, FF, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 3B 77FAFE58 5 Bytes [ B5, 78, F3, FF, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 41 77FAFE5E 8 Bytes [ B5, C4, F9, FF, FF, FF, B5, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 4B 77FAFE68 17 Bytes [ FF, FF, 15, 54, 13, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 5D 77FAFE7A 36 Bytes [ 73, 04, 8B, F3, 8D, BD, 30, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + B 77FAFF63 70 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + 52 77FAFFAA 4 Bytes [ B5, EC, FD, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + 57 77FAFFAF 8 Bytes [ 56, FF, 15, E0, D1, FC, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + 60 77FAFFB8 2 Bytes CALL 03FAFFBA
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + 64 77FAFFBC 5 Bytes [ 8B, F0, E8, D2, A4 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 2 77FB006F 30 Bytes [ 75, 14, 56, 57, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 21 77FB008E 18 Bytes [ 8B, 45, F8, 68, EC, 03, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 3F 77FB00AC 11 Bytes [ 74, 16, 85, F6, 74, 12, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 4B 77FB00B8 21 Bytes CALL 77FAA700 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 61 77FB00CE 23 Bytes [ FF, 8B, 4D, FC, 8B, C7, 5F, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayW + 2F 77FB100C 23 Bytes [ FF, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayW + 70 77FB104D 2 Bytes [ FF, E8 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayW + 73 77FB1050 29 Bytes [ C5, FB, FF, 8B, 85, DC, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathQuoteSpacesW + 7 77FB106E 52 Bytes [ FF, 55, 8B, EC, 81, EC, 20, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSkipRootW + 13 77FB10D5 94 Bytes [ FF, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSameRootW + 15 77FB1134 47 Bytes [ BF, 04, 01, 00, 00, 57, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSameRootW + 45 77FB1164 184 Bytes [ 00, 8B, 86, 84, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnmakeSystemFolderW + 11 77FB1237 25 Bytes [ 90, 25, 00, 25, 00, 25, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnmakeSystemFolderW + 2B 77FB1251 3 Bytes [ 55, 8B, EC ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnmakeSystemFolderW + 30 77FB1256 73 Bytes [ 39, 05, 68, DA, FC, 77, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + 6 77FB12A0 1 Byte [ 45 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + 8 77FB12A2 9 Bytes [ 57, 8B, 7D, 0C, 8D, 8D, 70, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + 12 77FB12AC 92 Bytes [ 89, 85, 6C, FF, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + F6 77FB1390 7 Bytes [ 75, 11, 6A, FF, FF, B5, 68 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + 108 77FB13A2 35 Bytes [ F8, 8D, 8D, 70, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRenameExtensionW + 2E 77FB1440 192 Bytes [ 8D, 70, FF, FF, FF, E8, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyW + 97 77FB1501 21 Bytes [ D3, 8D, 44, 00, 02, 50, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyW + AD 77FB1517 5 Bytes [ FF, E8, 42, 92, FB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyW + B3 77FB151D 44 Bytes [ 6A, 00, 8D, 85, F0, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + 15 77FB154A 116 Bytes [ F4, FD, FF, FF, 50, FF, B5, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + 8C 77FB15C1 22 Bytes [ 89, 85, E0, FD, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + A3 77FB15D8 16 Bytes [ FF, 83, 85, E4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + B4 77FB15E9 10 Bytes [ 5E, 5B, 8B, 4D, FC, 8B, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + D0 77FB1605 46 Bytes [ 55, 8B, EC, 8B, 45, 08, 53, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 14 77FB17FD 12 Bytes [ FB, 77, 89, 85, E4, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 21 77FB180A 9 Bytes [ FF, 68, 04, 01, 00, 00, 33, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 2B 77FB1814 1 Byte [ BD ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 33 77FB181C 9 Bytes [ FB, FF, 83, C4, 10, 8D, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 3D 77FB1826 22 Bytes [ FF, 50, 8D, 85, F0, FD, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + 34 77FB1B26 79 Bytes [ EB, 03, 33, DB, 43, 8B, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + CC 77FB1BBE 83 Bytes [ 98, FB, FF, 8B, 4D, FC, 5F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + 120 77FB1C12 14 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + 130 77FB1C22 62 Bytes [ A1, 80, D2, FC, 77, 53, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + 16F 77FB1C61 60 Bytes [ 83, 04, 07, 80, 83, E3, 40, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + 5F 77FB1EC8 7 Bytes [ 55, 8B, EC, 81, EC, 0C, 02 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + 67 77FB1ED0 59 Bytes [ 00, A1, 80, D2, FC, 77, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + A3 77FB1F0C 11 Bytes [ 8B, F8, 85, FF, 74, 3A, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + AF 77FB1F18 26 Bytes [ 15, 70, 14, F6, 77, 8D, 44, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + CA 77FB1F33 13 Bytes [ 0D, 68, 24, 62, F9, 77, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + 3B 77FB6158 64 Bytes [ 85, C0, 74, 4D, 83, 7D, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + 7C 77FB6199 11 Bytes [ 75, 14, FF, 75, 10, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + 88 77FB61A5 30 Bytes [ 50, 14, 8B, D8, 5F, 8B, C3, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + A7 77FB61C4 21 Bytes [ 39, 7D, 14, 75, 0A, B8, 57, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + BD 77FB61DA 12 Bytes [ 08, F6, 86, 18, 02, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 40 77FB6EA8 10 Bytes [ 15, 70, 13, F6, 77, 8B, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 4B 77FB6EB3 2 Bytes [ 69, E1 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 4F 77FB6EB7 1 Byte [ C9 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 51 77FB6EB9 1 Byte [ 08 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 54 77FB6EBC 75 Bytes [ 41, 64, 64, 49, 6E, 74, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + 3F 77FB6F08 4 Bytes [ 56, 68, 02, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + 60 77FB6F29 1 Byte [ 56 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + 7C 77FB6F45 7 Bytes [ FF, 55, 8B, EC, 56, 6A, 04 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + 84 77FB6F4D 36 Bytes [ 75, 0C, BE, F8, 62, F9, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + A9 77FB6F72 1 Byte [ 56 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + 41 77FBDE36 1 Byte [ 10 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + 43 77FBDE38 2 Bytes [ 4B, 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + 46 77FBDE3B 74 Bytes [ 00, 57, FF, 15, C4, 17, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + D3 77FBDEC8 37 Bytes [ FF, 75, 14, FF, 75, 10, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + FA 77FBDEEF 107 Bytes [ 10, FF, 35, 80, DC, FC, 77, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 24 77FBED91 1 Byte [ 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 26 77FBED93 12 Bytes CALL 77FADA37 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 33 77FBEDA0 9 Bytes [ 15, 88, 14, F6, 77, EB, 03, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 3D 77FBEDAA 12 Bytes [ 8B, 4D, FC, 5F, 8B, C6, 5E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 4A 77FBEDB7 133 Bytes [ C9, C3, 90, 90, 90, 70, 73, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashA 77FBEE82 54 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashA + 3A 77FBEEBC 77 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + 4D 77FBEF0A 71 Bytes [ 5D, C2, 0C, 00, 90, 90, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + 95 77FBEF52 43 Bytes [ FF, 55, 8B, EC, 81, EC, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + C1 77FBEF7E 214 Bytes [ 45, 08, 50, 57, 57, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + 198 77FBF055 99 Bytes [ FF, 89, 45, FC, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + 1FC 77FBF0B9 58 Bytes [ 8D, 8D, F8, FE, FF, FF, 89, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 1 77FBF73E 7 Bytes [ 00, 25, 00, FF, 00, 00, 09 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 9 77FBF746 29 Bytes [ 83, 7B, 14, 00, 74, 0A, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 27 77FBF764 36 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 4C 77FBF789 40 Bytes [ 85, C0, 74, 12, 6A, 0A, 59, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 75 77FBF7B2 35 Bytes [ 41, 24, 85, C0, 75, 13, 39, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + 2D 77FBF857 1 Byte [ 02 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + 2F 77FBF859 76 Bytes [ 00, 23, C3, 50, FF, 76, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + 7C 77FBF8A6 8 Bytes [ 76, 14, FF, 76, 10, E8, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + 87 77FBF8B1 34 Bytes [ 75, F8, 89, 45, 08, 8D, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + AA 77FBF8D4 24 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeA + 13 77FBF943 100 Bytes [ FF, 55, 8B, EC, 51, 83, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeA + 78 77FBF9A8 16 Bytes [ F4, C7, 45, FC, 05, 40, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeA + 89 77FBF9B9 34 Bytes [ 55, 8B, EC, 8B, 45, 08, 66, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + 1A 77FBF9DC 68 Bytes [ EC, 81, EC, 34, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + 5F 77FBFA21 39 Bytes [ 50, 01, 00, 00, 56, BE, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + 87 77FBFA49 35 Bytes [ 50, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + AB 77FBFA6D 33 Bytes [ FF, 89, BD, D8, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + CD 77FBFA8F 69 Bytes [ 50, 6A, FF, 8D, 85, F8, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 27 77FBFAD6 17 Bytes [ FF, 50, 8D, 85, F4, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 39 77FBFAE8 3 Bytes CALL C8FBFAE8
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 3E 77FBFAED 8 Bytes [ 50, 8D, 85, F8, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 47 77FBFAF6 11 Bytes [ B5, D8, FB, FF, FF, 89, B5, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 53 77FBFB02 11 Bytes [ B5, DC, FB, FF, FF, 89, B5, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW 77FBFB8A 56 Bytes [ 90, 90, 53, 6F, 66, 74, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW + 39 77FBFBC3 81 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW + B4 77FBFC3E 1 Byte [ 53 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW + F9 77FBFC83 38 Bytes [ 00, 5C, 00, 57, 00, 69, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW + 120 77FBFCAA 48 Bytes [ 73, 00, 69, 00, 6F, 00, 6E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 1C 77FC0002 36 Bytes [ C7, 5F, 5E, C3, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 41 77FC0027 1 Byte [ 6A ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 43 77FC0029 1 Byte [ 6A ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 45 77FC002B 6 Bytes [ 6A, 2F, 53, FF, 76, 04 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 4C 77FC0032 113 Bytes CALL 77F83B77 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + 1D 77FC024E 72 Bytes [ 4C, 4D, BC, 66, 85, C9, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + 66 77FC0297 12 Bytes [ A8, EF, FF, FF, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + 73 77FC02A4 75 Bytes [ FF, 8B, 8D, A0, EF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + BF 77FC02F0 18 Bytes [ FF, 83, BD, A4, EF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + D2 77FC0303 16 Bytes [ FF, B5, AC, EF, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW 77FC23BE 128 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW + 81 77FC243F 23 Bytes CALL BDC32DB9
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW + 99 77FC2457 100 Bytes [ 56, FF, 15, 8C, 13, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW + FE 77FC24BC 11 Bytes [ 68, D2, 12, FC, 77, 89, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW + 10A 77FC24C8 63 Bytes [ 15, E4, 13, F6, 77, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 47 77FC5B30 20 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 5C 77FC5B45 20 Bytes [ FF, 75, 10, 89, 45, E8, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 10F 77FC5BF8 51 Bytes [ 55, 8B, EC, 8B, 45, 08, 6A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 143 77FC5C2C 146 Bytes [ 55, 8B, EC, 53, 56, 8B, F1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 1D6 77FC5CBF 100 Bytes [ 8B, 46, 24, 2B, C7, C1, E0, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + 20 77FC6BB5 82 Bytes [ 55, 8B, EC, 8B, 45, 08, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + 74 77FC6C09 6 Bytes [ 5E, 0F, 95, C1, 8B, C1 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + 7C 77FC6C11 1 Byte [ 08 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + 83 77FC6C18 58 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + BE 77FC6C53 94 Bytes [ 55, 8B, EC, 56, 33, F6, 39, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + B 77FC7B36 3 Bytes [ 6F, 00, 66 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + F 77FC7B3A 29 Bytes [ 74, 00, 5C, 00, 57, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + 2D 77FC7B58 19 Bytes [ 6E, 00, 74, 00, 56, 00, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + 41 77FC7B6C 3 Bytes [ 45, 00, 78 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + 45 77FC7B70 15 Bytes [ 70, 00, 6C, 00, 6F, 00, 72, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF502D 77FE1185 1 Byte [ 08 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF5030 77FE1188 5 Bytes [ 7C, D1, 00, 00, 38 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF5038 77FE1190 2 Bytes [ 00, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF503C 77FE1194 1 Byte [ 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF5040 77FE1198 1 Byte [ 00 ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 29 77FE1C99 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 33 77FE1CA3 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 46 77FE1CB6 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 53 77FE1CC3 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 59 77FE1CC9 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 11 77FE1DDB 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 32 77FE1DFC 33 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 55 77FE1E1F 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 7C 77FE1E46 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 93 77FE1E5D 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + 8A 77FE1F79 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + 9D 77FE1F8C 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + BB 77FE1FAA 52 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + F0 77FE1FDF 87 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + 148 77FE2037 235 Bytes [ 00, 10, FE, 90, 7C, FD, 49, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaFreeReturnBuffer + 1C 77FE217C 6 Bytes [ 70, D3, 90, 7C, 00, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaFreeReturnBuffer + 23 77FE2183 15 Bytes [ 00, 00, 00, 00, 00, F1, 5B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + B 77FE2193 47 Bytes [ 00, 01, 00, 00, 00, 4C, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + 3B 77FE21C3 8 Bytes [ 00, B6, A2, 00, 00, EC, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + 44 77FE21CC 110 Bytes [ AD, 8B, 00, 00, 60, A3, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + B3 77FE223B 4 Bytes [ 00, 93, 4E, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + B8 77FE2240 82 Bytes [ 85, 7C, 00, 00, 1F, A2, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeContextBuffer + 17 77FE2895 312 Bytes [ 4D, 61, 6B, 65, 53, 69, 67, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeContextBuffer + 150 77FE29CE 52 Bytes [ 53, 61, 73, 6C, 47, 65, 74, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeContextBuffer + 185 77FE2A03 383 Bytes [ 69, 66, 79, 50, 61, 63, 6B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesW + 16D 77FE2B83 8 Bytes [ 00, 8B, 75, 10, 8B, 7D, 08, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesW + 176 77FE2B8C 160 Bytes [ 75, 0C, FF, 77, 0C, FF, 15, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeCredentialsHandle + 9C 77FE2C2D 23 Bytes [ FF, FF, 89, 45, F8, 8D, 45, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeCredentialsHandle + B5 77FE2C46 139 Bytes [ 59, 5F, 5E, 5B, C9, 51, C3, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeCredentialsHandle + 142 77FE2CD3 1 Byte [ 0C ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeCredentialsHandle + 14E 77FE2CDF 59 Bytes [ 81, EC, 04, 01, 00, 00, 56, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + E 77FE2D1B 7 Bytes [ FF, 8B, 47, 04, 89, 85, 2C ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + 17 77FE2D24 2 Bytes [ FF, 8D ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + 1A 77FE2D27 23 Bytes [ FC, FE, FF, FF, 50, 50, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + 32 77FE2D3F 15 Bytes [ FF, 34, 00, 89, B5, 00, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + 42 77FE2D4F 19 Bytes [ 85, 14, FF, FF, FF, 1F, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + 53 77FE3156 106 Bytes [ 00, 5D, C2, 0C, 00, 90, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + BE 77FE31C1 6 Bytes [ 00, 00, 66, C7, 85, 58 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + C5 77FE31C8 8 Bytes [ FF, FF, 20, 00, 66, C7, 85, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + CE 77FE31D1 29 Bytes [ FF, FF, A8, 00, 75, 43, 8D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + EC 77FE31EF 186 Bytes [ 8B, 55, 88, 89, 11, 8B, 4D, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!MakeSignature + 6A 77FE3341 103 Bytes [ 15, 2C, 11, FE, 77, 5F, 5E, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!VerifySignature + 1E 77FE33A9 27 Bytes [ 55, 8B, EC, 83, 25, 44, E0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!VerifySignature + 3A 77FE33C5 117 Bytes [ D6, A3, 90, E0, FE, 77, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLogonUser + 63 77FE343B 64 Bytes [ 15, 18, 11, FE, 77, B8, 4C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLogonUser + A5 77FE347D 2 Bytes [ 43, 4D ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLogonUser + A9 77FE3481 260 Bytes [ 33, C0, A3, 18, E1, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + BE 77FE3586 58 Bytes [ 00, 00, 83, 7D, FC, 00, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + F9 77FE35C1 58 Bytes [ 53, 56, 68, B0, E0, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + 134 77FE35FC 53 Bytes [ 77, 3B, C3, A3, 44, E0, FE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + 16A 77FE3632 78 Bytes [ 15, 3C, 11, FE, 77, 8B, C6, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + 1B9 77FE3681 46 Bytes [ FF, FF, 8C, 00, 00, 00, F3, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + 92 77FE38FE 33 Bytes [ 00, A1, E4, E0, FE, 77, 89, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + B4 77FE3920 23 Bytes [ EC, 8B, 45, 08, 8B, C8, 81, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + CC 77FE3938 38 Bytes [ C0, 3B, C1, 0F, 8E, B7, 45, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + F3 77FE395F 13 Bytes [ C0, 74, 19, 3D, 08, 04, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + 101 77FE396D 37 Bytes [ 85, C0, 0F, 85, 26, 47, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + 28 77FE4AE5 57 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + 62 77FE4B1F 43 Bytes [ C0, 0F, 85, 4D, 36, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + 8E 77FE4B4B 15 Bytes [ D6, 83, F8, 02, 0F, 84, F0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + 9E 77FE4B5B 22 Bytes [ E6, 26, 00, 00, 3B, C3, 0F, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + B6 77FE4B73 4 Bytes [ 03, C0, 50, 53 ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + 2 77FE4B9C 72 Bytes [ 75, FC, FF, D6, FF, 75, FC, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + 4B 77FE4BE5 16 Bytes [ 45, F4, EB, E6, 90, 90, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + 5C 77FE4BF6 53 Bytes [ 65, 00, 63, 00, 75, 00, 72, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + 92 77FE4C2C 21 Bytes [ 72, 00, 65, 00, 6E, 00, 74, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + A8 77FE4C42 35 Bytes [ 53, 00, 65, 00, 74, 00, 5C, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + 9 77FE4D18 1 Byte [ 43 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + B 77FE4D1A 39 Bytes [ 61, 00, 70, 00, 61, 00, 62, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + 33 77FE4D42 18 Bytes [ 00, 00, 4E, 00, 61, 00, 6D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + 46 77FE4D55 11 Bytes [ 55, 8B, EC, 56, 8B, 75, 0C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + 52 77FE4D61 34 Bytes [ 50, 6A, 00, FF, 15, BC, 10, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + 49 77FE4EDC 18 Bytes [ 5F, 5E, C9, C3, 90, 90, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + 5C 77FE4EEF 47 Bytes [ 39, 45, 08, 0F, 82, F9, 3B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + 8C 77FE4F1F 16 Bytes [ 15, B8, 10, FE, 77, E9, 79, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + 9D 77FE4F30 21 Bytes [ 55, 8B, EC, 81, EC, 34, 02, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + B3 77FE4F46 3 Bytes [ 85, E4, FD ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcceptSecurityContext + 36 77FE5387 160 Bytes [ 8D, 45, F8, 50, 53, 68, DC, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcceptSecurityContext + D7 77FE5428 143 Bytes [ 11, FE, 77, A1, 00, 11, FE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryContextAttributesW + 7A 77FE54B9 29 Bytes [ EB, D9, 33, C0, EB, EE, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryContextAttributesW + 98 77FE54D7 61 Bytes [ 77, 8B, 0D, 50, E0, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryContextAttributesW + D7 77FE5516 80 Bytes [ 57, FF, 15, 10, 11, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + 4 77FE5567 5 Bytes [ 34, B0, EB, E7, 8B ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + A 77FE556D 45 Bytes [ 84, 89, 45, F4, 8B, 45, 88, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + 38 77FE559B 66 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + 7B 77FE55DE 1 Byte [ 56 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + 7D 77FE55E0 43 Bytes [ 35, BC, 10, FE, 77, FF, D6, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + B 77FE5BDE 8 Bytes [ FF, FF, 00, 83, A5, 5C, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + 14 77FE5BE7 11 Bytes [ 00, 83, C4, 0C, 85, C0, 66, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + 20 77FE5BF3 8 Bytes [ FF, 90, 00, 66, C7, 85, 5A, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + 29 77FE5BFC 47 Bytes [ FF, A8, 00, 75, 2B, 8D, 85, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + 59 77FE5C2C 55 Bytes [ 8D, 8D, 58, FF, FF, FF, 51, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 2 77FE5F56 23 Bytes [ FF, FF, 50, C7, 85, 5C, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 1A 77FE5F6E 5 Bytes [ FF, FF, C7, 85, 64 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 21 77FE5F75 41 Bytes [ FF, 8C, 00, 00, 00, FF, D6, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 4B 77FE5F9F 47 Bytes [ FF, FF, FF, 15, 78, 11, FE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 7B 77FE5FCF 41 Bytes [ 8B, 1D, 1C, 11, FE, 77, BF, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + 6A 77FE6AA6 8 Bytes [ 85, 4C, FF, FF, FF, 8B, 7B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + 73 77FE6AAF 29 Bytes [ 75, FC, 8D, 0C, 40, C1, E1, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + 91 77FE6ACD 30 Bytes [ 85, 54, FF, FF, FF, 8B, 4D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + B0 77FE6AEC 100 Bytes [ 8D, 44, FF, FF, FF, 89, 48, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + 115 77FE6B51 133 Bytes [ 42, 83, C0, 0C, 3B, 95, 30, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 2 77FE7C87 6 Bytes [ 83, A5, 38, FF, FF, FF ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 9 77FE7C8E 10 Bytes [ 83, A5, 34, FF, FF, FF, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 15 77FE7C9A 2 Bytes [ 66, C7 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 18 77FE7C9D 40 Bytes [ 1C, FF, FF, FF, 00, 01, E9, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 41 77FE7CC6 17 Bytes [ FF, A1, 14, E4, FE, 77, E9, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + 2 77FE8556 64 Bytes [ 89, 85, D8, FD, FF, FF, 51, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + 43 77FE8597 97 Bytes [ 4D, F8, 89, 45, F8, 56, 89, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + A5 77FE85F9 124 Bytes [ 84, 65, C2, FF, FF, 8B, 46, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + 122 77FE8676 107 Bytes [ C3, F7, D8, 1B, C0, 5E, 23, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + 18E 77FE86E2 86 Bytes [ C4, 33, C0, 8B, F9, AB, AB, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetSecurityUserInfo + A 77FE8AF1 97 Bytes [ B8, 0D, 00, 00, C0, E9, 16, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecGetLocaleSpecificEncryptionRules + 5C 77FE8B53 84 Bytes [ F8, FF, 15, 4C, 10, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecGetLocaleSpecificEncryptionRules + B1 77FE8BA8 33 Bytes [ 5C, 00, 4D, 00, 69, 00, 63, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageW + 1D 77FE8BCA 53 Bytes [ 67, 00, 72, 00, 61, 00, 70, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 14 77FE8C00 7 Bytes [ 00, 00, 90, 90, 72, 00, 70 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 1C 77FE8C08 1 Byte [ 63 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 1E 77FE8C0A 42 Bytes [ 72, 00, 74, 00, 34, 00, 2E, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 49 77FE8C35 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 53 77FE8C3F 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + 8 77FE8C4C 107 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + 74 77FE8CB8 106 Bytes [ FF, A8, 00, 75, 13, 8D, 85, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + DF 77FE8D23 36 Bytes [ 00, 57, 33, C0, 6A, 2C, 59, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + 104 77FE8D48 56 Bytes [ 8B, 45, 10, 3B, C3, 66, C7, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + 13E 77FE8D82 10 Bytes [ 8B, 48, 04, 89, 8D, 2C, FF, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecInitUserModeContext + 7 77FE9F8E 80 Bytes [ 4D, 0C, 8B, 36, 8D, 44, 01, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + B 77FE9FDF 16 Bytes [ 7F, 66, 83, 65, F4, 00, 6A, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + 1D 77FE9FF1 2 Bytes [ 08, 11 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + 21 77FE9FF5 111 Bytes [ 0F, B7, 45, F4, 8B, 36, 83, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + 91 77FEA065 21 Bytes [ 00, 8D, 4C, 11, 02, 3B, C6, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + A7 77FEA07B 48 Bytes [ D0, 85, D2, 89, 55, FC, 75, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 2 77FEA240 29 Bytes [ 8B, C7, 5F, C9, C2, 04, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 20 77FEA25E 5 Bytes [ FA, 0F, B7, C0, 50 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 26 77FEA264 2 Bytes [ E3, A6 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 2C 77FEA26A 32 Bytes [ 89, 45, FC, 74, 23, 66, 83, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 53 77FEA291 14 Bytes [ FF, 33, C0, 5E, C9, C2, 04, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddCredentialsW + 19 77FEA2CF 85 Bytes [ C0, 74, 24, 80, 38, 00, 74, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddCredentialsA + 1A 77FEA325 51 Bytes [ 75, 20, FF, 75, 1C, FF, 75, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddCredentialsA + 4E 77FEA359 42 Bytes [ D6, 85, FF, 7C, 0E, 8B, 4D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ApplyControlToken + 24 77FEA384 33 Bytes [ 7D, 0E, 57, FF, 15, F0, 10, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesA 77FEA3A7 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesA + 4 77FEA3AB 12 Bytes [ FF, 55, 8B, EC, 83, EC, 18, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesA + 11 77FEA3B8 89 Bytes [ 0A, BE, 0D, 00, 00, D0, E9, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CompleteAuthToken + 1E 77FEA412 5 Bytes [ 75, 20, 89, 4D, F0 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CompleteAuthToken + 24 77FEA418 5 Bytes [ 75, 1C, FF, 75, 18 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CompleteAuthToken + 2B 77FEA41F 9 Bytes [ 14, 50, 8D, 45, F8, 50, 8D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityContextToken + 2 77FEA43D 172 Bytes [ 35, 90, E0, FE, 77, FF, 15, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SetContextAttributesW + E 77FEA4EB 35 Bytes [ 20, C7, 45, 10, 10, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SetContextAttributesW + 32 77FEA50F 49 Bytes [ 8B, 35, 4C, 11, FE, 77, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SetContextAttributesA + 2 77FEA541 9 Bytes [ 7D, 0E, 57, FF, 15, F0, 10, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SetContextAttributesA + D 77FEA54C 261 Bytes [ 15, 38, 10, FE, 77, 68, 04, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DecryptMessage + 8 77FEA652 39 Bytes [ FF, 35, 90, E0, FE, 77, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DecryptMessage + 30 77FEA67A 12 Bytes [ FF, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DecryptMessage + 3D 77FEA687 74 Bytes [ 55, 8B, EC, 56, 8B, 75, 0C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ExportSecurityContext + 3A 77FEA6D3 1 Byte [ 08 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ExportSecurityContext + 3C 77FEA6D5 1 Byte [ 45 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ExportSecurityContext + 3E 77FEA6D7 32 Bytes [ 50, FF, 15, 64, 11, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 2 77FEA6F8 26 Bytes [ F6, 05, 43, E0, FE, 77, 20, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 1E 77FEA714 6 Bytes [ 15, F0, 10, FE, 77, 50 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 25 77FEA71B 42 Bytes [ 15, 38, 10, FE, 77, 68, 04, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 50 77FEA746 30 Bytes [ 85, C0, 75, 07, BE, 01, 03, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 6F 77FEA765 43 Bytes [ FF, D0, 8B, F0, EB, 05, BE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 20 77FEA791 28 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 3D 77FEA7AE 13 Bytes [ 3B, C7, 75, 07, BE, 01, 03, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 4B 77FEA7BC 10 Bytes [ E3, FE, 77, 74, 12, 68, 5B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 56 77FEA7C7 6 Bytes [ 15, 38, 10, FE, 77, B8 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 5D 77FEA7CE 11 Bytes [ 03, 09, 80, EB, 63, 8B, 40, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleA + 1B 77FEA807 46 Bytes [ FC, 6A, FF, FF, 15, EC, 10, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 1A 77FEA836 21 Bytes [ 5F, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 30 77FEA84C 22 Bytes [ 39, 3D, 58, E3, FE, 77, 89, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 48 77FEA864 78 Bytes [ 00, FF, 15, 38, 10, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 97 77FEA8B3 136 Bytes [ 45, DC, 8B, 46, 04, 89, 45, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 121 77FEA93D 23 Bytes [ F0, 8B, 40, 64, 3B, C7, 74, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslEnumerateProfilesA 77FEADF8 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslEnumerateProfilesA + 4 77FEADFC 40 Bytes [ FF, 55, 8B, EC, 83, 3D, 58, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageA + D 77FEAE25 32 Bytes [ FF, 85, C0, 75, 07, BE, 01, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + 2 77FEAE46 25 Bytes [ EB, 42, 8B, 40, 64, 85, C0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + 1C 77FEAE60 126 Bytes [ 76, 04, FF, D0, 8B, F0, EB, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + 9B 77FEAEDF 16 Bytes [ EB, 42, 8B, 40, 64, 85, C0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + AC 77FEAEF0 5 Bytes [ 75, 14, FF, 75, 10 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + B3 77FEAEF7 20 Bytes [ 0C, FF, 76, 04, FF, D0, 8B, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 32 77FEB1A0 17 Bytes [ 43, 64, 85, C0, 74, 23, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 44 77FEB1B2 147 Bytes [ 04, 51, FF, 75, 10, FF, 75, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 102 77FEB270 8 Bytes [ 55, FC, 89, 11, C9, C2, 08, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 10D 77FEB27B 21 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 123 77FEB291 227 Bytes [ 75, 24, FF, 75, 20, FF, 75, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextW + 8E 77FEB375 23 Bytes [ FF, 8B, F0, 85, F6, 74, 1C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextW + A6 77FEB38D 83 Bytes [ 46, 60, 8D, 4D, F8, 51, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextW + FA 77FEB3E1 14 Bytes [ FF, FF, 75, 0C, 50, E8, 0C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA 77FEB3F0 21 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA + 16 77FEB406 2 Bytes [ 7D, 85 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA + 1E 77FEB40E 16 Bytes [ 74, 1C, 56, FF, 35, 8C, E0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA + 2F 77FEB41F 28 Bytes [ 0C, 8B, 46, 60, 8D, 4D, F8, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA + 4C 77FEB43C 108 Bytes [ FF, 55, 8B, EC, 51, 51, 56, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + 1 77FEB4FA 90 Bytes [ 46, 5C, 83, 38, 02, 72, 28, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + 5C 77FEB555 114 Bytes [ 8B, F0, 85, F6, 74, 37, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + CF 77FEB5C8 229 Bytes [ 35, 8C, E0, FE, 77, FF, 15, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + 1B5 77FEB6AE 101 Bytes [ FF, 8B, F0, 85, F6, 74, 32, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + 21C 77FEB715 1 Byte [ 08 ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 2B 77FEB7B3 14 Bytes [ FF, 15, 7C, 10, FE, 77, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 3A 77FEB7C2 4 Bytes [ 10, FF, 75, 0C ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 3F 77FEB7C7 44 Bytes [ 75, 08, FF, 50, 54, EB, 05, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 6C 77FEB7F4 27 Bytes [ 75, 28, FF, 75, 24, FF, 75, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 88 77FEB810 13 Bytes [ 89, FF, FF, 5D, C2, 24, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 17 77FEBB25 5 Bytes [ 8B, 85, 68, FF, FF ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 1D 77FEBB2B 8 Bytes [ 39, 06, 73, 16, C7, 85, 78, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 27 77FEBB35 19 Bytes [ 00, 03, 09, 80, EB, 0A, C7, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 3B 77FEBB49 18 Bytes [ FF, FF, 00, 0F, 8C, 87, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 4E 77FEBB5C 21 Bytes [ FF, FF, 8B, BD, 74, FF, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + D 77FEBB72 46 Bytes [ FF, 83, E1, 03, F3, A4, 03, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + 3C 77FEBBA1 11 Bytes [ 8D, 5C, FF, FF, FF, 8B, B5, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + 48 77FEBBAD 90 Bytes [ 3C, 02, 8B, C1, C1, E9, 02, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + A3 77FEBC08 21 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + B9 77FEBC1E 29 Bytes [ C6, 45, FC, 01, 74, 04, C6, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + 26 77FEBEFA 11 Bytes [ 15, BC, 10, FE, 77, 8B, D8, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + 32 77FEBF06 5 Bytes [ 75, FC, E8, 53, 72 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + 39 77FEBF0D 82 Bytes [ BE, 00, 03, 09, 80, EB, 76, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + 8C 77FEBF60 2 Bytes [ 1B, 57 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + F9 77FEBFCD 10 Bytes [ 32, 8A, 1E, 46, 89, 32, FF, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameA + 45 77FEC0EB 79 Bytes [ 0F, 3B, C1, 7C, 13, 85, C9, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameA + 95 77FEC13B 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameA + 9C 77FEC142 84 Bytes [ 55, 8B, EC, 51, 83, 65, FC, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 3F 77FEC197 239 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 12F 77FEC287 85 Bytes [ 57, 74, 1D, BF, CC, E0, FE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 185 77FEC2DD 70 Bytes [ FF, 5D, C2, 04, 00, 90, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 1CC 77FEC324 22 Bytes [ C0, 7C, 1B, 8B, 4E, 20, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 203 77FEC35B 5 Bytes [ 75, 24, FF, 75, 20 ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalWSecure + FFF80F2D 7C801625 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + C 7C801635 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + 14 7C80163D 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + 19 7C801642 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + 1B 7C801644 40 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + 46 7C80166F 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTime + B 7C80177A 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTime + 14 7C801783 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTime + 1D 7C80178C 87 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTime + 75 7C8017E4 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAsFileTime + 8 7C8017F1 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAsFileTime + E 7C8017F7 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAsFileTime + 14 7C8017FD 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAsFileTime + 24 7C80180D 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + C 7C80181E 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + 1D 7C80182F 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + 2C 7C80183E 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + 35 7C801847 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + 40 7C801852 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileA + D 7C801A35 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileA + 2B 7C801A53 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileA + 2F 7C801A57 56 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtectEx + 2F 7C801A90 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtectEx + 34 7C801A95 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtectEx + 48 7C801AA9 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtectEx + 6A 7C801ACB 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtect + 1C 7C801AF0 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + C 7C801B01 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + 26 7C801B1B 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + 2F 7C801B24 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + 49 7C801B3E 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + 66 7C801B5B 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExA + D 7C801D60 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExA + 23 7C801D76 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 9 7C801D84 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 23 7C801D9E 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 25 7C801DA0 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 33 7C801DAE 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 39 7C801DB4 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateProcess + 9 7C801E23 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateProcess + 12 7C801E2C 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateProcess + 2F 7C801E49 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateProcess + 35 7C801E4F 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + B 7C801E5F 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + 16 7C801E6A 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + 1A 7C801E6E 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + 20 7C801E74 79 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + 72 7C801EC6 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + C 7C801EFE 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + 12 7C801F04 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + 2F 7C801F21 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + 38 7C801F2A 192 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + FA 7C801FEC 79 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadProcessMemory + D 7C8021DD 49 Bytes JMP 06EE7C91
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadProcessMemory + 3F 7C80220F 3 Bytes [ 7C, 30, D6 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteProcessMemory 7C802213 20 Bytes [ 7C, 50, D5, 90, 7C, A0, D0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteProcessMemory + 15 7C802228 535 Bytes [ 50, D7, 90, 7C, 5A, 13, 91, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SleepEx + A0 7C802440 2 Bytes [ 20, DB ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SleepEx + A3 7C802443 27 Bytes [ 7C, 70, CF, 90, 7C, 2D, 06, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 19 7C80245F 12 Bytes [ 7C, C0, D7, 90, 7C, 10, D9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 26 7C80246C 2 Bytes [ 60, D5 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 29 7C80246F 3 Bytes [ 7C, 80, D7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 2D 7C802473 3 Bytes [ 7C, 60, DE ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 31 7C802477 59 Bytes [ 7C, 71, 46, 91, 7C, A8, B0, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReleaseMutex 7C8024B7 115 Bytes [ 7C, C0, D5, 90, 7C, 00, DA, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReleaseMutex + 74 7C80252B 3 Bytes [ 7C, A0, DF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReleaseMutex + 78 7C80252F 34 Bytes [ 7C, 03, 32, 93, 7C, AA, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + 2 7C802552 143 Bytes [ 93, 7C, 79, E6, 95, 7C, AA, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + 92 7C8025E2 36 Bytes JMP 78FCB5FD
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + B7 7C802607 12 Bytes [ 7C, 49, 48, 92, 7C, 4A, 68, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + C4 7C802614 2 Bytes [ 30, D7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + C7 7C802617 29 Bytes [ 7C, 78, FB, 96, 7C, A5, AB, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetTickCount + 3C 7C80936A 73 Bytes [ 53, 65, 74, 45, 6E, 64, 4F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetTickCount + 86 7C8093B4 3 Bytes [ 53, 65, 74 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetTickCount + 8A 7C8093B8 4 Bytes [ 76, 65, 6E, 74 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetTickCount + 8F 7C8093BD 140 Bytes [ 53, 65, 74, 46, 69, 6C, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileMappingW + 2A 7C80944A 393 Bytes [ 53, 65, 74, 46, 69, 6C, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForMultipleObjectsEx + 18 7C8095D4 153 Bytes [ 53, 65, 74, 50, 72, 6F, 63, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForMultipleObjectsEx + B2 7C80966E 199 Bytes [ 53, 65, 74, 53, 79, 73, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetWaitableTimer + AD 7C809736 60 Bytes [ 53, 65, 74, 54, 68, 72, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetWaitableTimer + EA 7C809773 139 Bytes [ 53, 65, 74, 54, 69, 6D, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!InterlockedIncrement + 9 7C8097FF 106 Bytes [ 53, 65, 74, 56, 6F, 6C, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MulDiv + 14 7C80986A 20 Bytes [ 53, 69, 7A, 65, 6F, 66, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MulDiv + 29 7C80987F 236 Bytes [ 53, 6C, 65, 65, 70, 45, 78, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MulDiv + 116 7C80996C 71 Bytes [ 53, 65, 74, 56, 61, 6C, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCurrentProcessId + 4 7C8099B4 24 Bytes [ 54, 72, 69, 6D, 56, 69, 72, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LocalFree + E 7C8099CD 16 Bytes [ 72, 43, 72, 69, 74, 69, 63, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LocalFree + 1F 7C8099DE 104 Bytes [ 54, 7A, 53, 70, 65, 63, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LocalAlloc + 2A 7C809A47 425 Bytes [ 55, 6E, 6D, 61, 70, 56, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CloseHandle + 1A 7C809BF1 112 Bytes [ 56, 69, 72, 74, 75, 61, 6C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsSetValue + D 7C809C62 287 Bytes [ 57, 61, 69, 74, 46, 6F, 72, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MultiByteToWideChar + FA 7C809D82 185 Bytes [ 68, 61, 72, 61, 63, 74, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MultiByteToWideChar + 1B4 7C809E3C 107 Bytes [ 53, 74, 72, 69, 6E, 67, 41, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadReadPtr + 17 7C809EA8 148 Bytes [ 57, 72, 69, 74, 65, 50, 72, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadWritePtr + 34 7C809F3D 47 Bytes [ 5F, 6C, 6F, 70, 65, 6E, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadWritePtr + 64 7C809F6D 62 Bytes [ 6C, 73, 74, 72, 63, 6D, 70, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetUserDefaultLCID + C 7C809FAC 46 Bytes [ 6C, 73, 74, 72, 63, 70, 79, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetUserDefaultLCID + 3B 7C809FDB 25 Bytes [ 6C, 73, 74, 72, 6C, 65, 6E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetUserDefaultLCID + 55 7C809FF5 155 Bytes [ 4E, 54, 44, 4C, 4C, 2E, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadResource + 4C 7C80A091 45 Bytes [ 64, 65, 53, 79, 73, 74, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEvent + 18 7C80A0BF 90 Bytes [ 4E, 54, 44, 4C, 4C, 2E, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForMultipleObjects + 2D 7C80A11A 354 Bytes [ 4E, 54, 44, 4C, 4C, 2E, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WideCharToMultiByte + 119 7C80A27D 198 Bytes [ 74, 6C, 4D, 6F, 76, 65, 4D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WideCharToMultiByte + 1E0 7C80A344 14 Bytes [ 55, 8B, EC, 56, 57, 64, A1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WideCharToMultiByte + 1EF 7C80A353 193 Bytes [ F8, A1, C4, 56, 88, 7C, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringW + 27 7C80A415 44 Bytes [ C6, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringW + 54 7C80A442 77 Bytes [ 89, 45, 10, 75, 05, BE, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringW + A2 7C80A490 61 Bytes [ 8B, 55, 14, 57, 8B, 7D, 18, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryPerformanceCounter + 17 7C80A4CE 3 Bytes [ 85, CC, 39 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryPerformanceCounter + 1C 7C80A4D3 45 Bytes [ 85, F6, 0F, 8D, D9, 24, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryPerformanceCounter + 4A 7C80A501 9 Bytes [ 00, 00, FF, 75, 1C, 8D, B0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryPerformanceCounter + 54 7C80A50B 72 Bytes [ 00, 8D, 45, F8, 50, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeW + 34 7C80A554 242 Bytes [ 89, 45, D8, FF, 75, D8, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeW + 127 7C80A647 32 Bytes [ 84, 33, A8, 03, 00, 8B, 06, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeW + 148 7C80A668 74 Bytes [ FF, FF, FF, FF, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadStringPtrW + 47 7C80A6B3 34 Bytes CALL 7C80A709 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ActivateActCtx + 2 7C80A6D6 20 Bytes [ 75, 0C, FF, 75, 08, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ActivateActCtx + 17 7C80A6EB 251 Bytes [ 81, FE, 25, 00, 00, 40, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetQueuedCompletionStatus + 3A 7C80A7E7 21 Bytes [ 83, 60, 34, 00, 8B, 84, 88, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetQueuedCompletionStatus + 50 7C80A7FD 41 Bytes [ 00, 00, F0, 0F, C1, 01, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetThreadPriority + 4 7C80A827 31 Bytes [ 01, F0, 0F, B1, 11, 75, FA, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetThreadPriority + 24 7C80A847 232 Bytes [ 4C, 24, 04, 8B, 44, 24, 08, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocalTime + CC 7C80A930 45 Bytes [ 54, 24, 0C, 73, 0B, F7, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocalTime + FA 7C80A95E 9 Bytes [ F7, D9, 51, D1, F9, 03, C1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocalTime + 104 7C80A968 166 Bytes [ 59, 3B, D1, 73, D3, F7, F1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocalTime + 1AC 7C80AA10 23 Bytes [ BA, 9E, 83, 7C, CD, 9E, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpiW + 2 7C80AA28 15 Bytes [ FF, F7, 45, 08, 8D, F0, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpiW + 12 7C80AA38 190 Bytes [ 89, 7D, E4, F6, 45, 08, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + 9B 7C80AAF7 33 Bytes [ 00, 00, 5D, C2, 10, 00, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + BD 7C80AB19 13 Bytes [ FF, 75, 18, FF, 75, 14, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + CB 7C80AB27 64 Bytes [ 0C, 50, FF, 75, 08, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + 10C 7C80AB68 30 Bytes JMP 7C8414FC C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + 12B 7C80AB87 90 Bytes [ 00, 00, 5D, C2, 0C, 00, 90, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessHeap 7C80AC51 235 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceExW + 25 7C80AD3D 116 Bytes [ FF, 0F, 85, F2, 21, 02, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceExW + 9A 7C80ADB2 12 Bytes [ 8C, 17, 24, 04, 00, 85, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemWindowsDirectoryW + 6 7C80ADBF 6 Bytes [ B6, 07, 8B, 4D, E0, 66 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemWindowsDirectoryW + D 7C80ADC6 213 Bytes [ 04, 41, 66, 89, 06, 8B, 4B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcAddress + 6C 7C80AE9C 47 Bytes [ FF, A1, 3C, 50, 88, 7C, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsProcessorFeaturePresent + 12 7C80AECC 23 Bytes [ 8D, 46, FF, F7, D0, 8B, C8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryW + 9 7C80AEE4 15 Bytes [ 00, 83, 4D, FC, FF, 33, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW 7C80AEF5 156 Bytes [ 90, 90, 90, FF, FF, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW + 9D 7C80AF92 4 Bytes [ 8C, F3, 9C, 03 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW + A2 7C80AF97 3 Bytes [ 5D, C2, 04 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW + A6 7C80AF9B 14 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW + B6 7C80AFAB 25 Bytes [ 00, 8B, 80, 98, 0F, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeW 7C80B360 225 Bytes [ 90, 90, 90, 90, 8B, C1, 33, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeW + E2 7C80B442 105 Bytes [ 83, 7A, 2C, 01, 0F, 84, 9A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 47 7C80B4AC 11 Bytes [ 80, C4, 00, 00, 00, C3, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 53 7C80B4B8 10 Bytes [ FF, 55, 8B, EC, 51, 51, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 5E 7C80B4C3 59 Bytes [ 75, 08, FF, 15, D8, 13, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 9A 7C80B4FF 1 Byte [ 08 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 9C 7C80B501 19 Bytes [ 83, 7D, 94, 00, 0F, 84, 29, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + CB 7C80B62A 78 Bytes [ 0F, B6, 02, 0F, B7, 3C, 7E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + 11A 7C80B679 22 Bytes [ 4D, 0C, 85, C9, 74, 41, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + 131 7C80B690 86 Bytes [ 0F, B7, 00, 89, 45, E4, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + 188 7C80B6E7 17 Bytes [ 75, 08, 6A, 00, FF, 15, A0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + 19A 7C80B6F9 23 Bytes [ 33, C0, 40, 5D, C2, 08, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleA + 1F 7C80B750 82 Bytes [ 00, 57, FF, 75, 08, 8D, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleA + 73 7C80B7A4 100 Bytes [ C9, C2, 10, 00, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesW + 2D 7C80B809 43 Bytes [ 55, 14, 83, 22, 00, 3B, C1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesW + 59 7C80B835 161 Bytes [ FF, 75, 08, FF, 15, 38, 11, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!InitializeCriticalSectionAndSpinCount + 1E 7C80B8D7 79 Bytes [ 4D, F6, 66, 89, 48, 04, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MapViewOfFileEx + 1 7C80B927 15 Bytes [ 7D, 10, 33, C9, 66, 8B, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MapViewOfFileEx + 11 7C80B937 131 Bytes [ 75, 1C, 0F, 85, BD, 02, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MapViewOfFile + 26 7C80B9BB 22 Bytes [ 46, 46, 66, 3B, 0E, 89, 7D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MapViewOfFile + 3D 7C80B9D2 94 Bytes [ 46, 46, 66, 3B, 0E, 89, 7D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQueryEx + 1 7C80BA31 19 Bytes [ 7D, 0C, 6A, FF, 57, 6A, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQueryEx + 15 7C80BA45 42 Bytes [ FF, 85, C0, 0F, 84, B1, 1F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQuery + F 7C80BA70 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQuery + 11 7C80BA72 2 Bytes [ 2F, FA ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQuery + 15 7C80BA76 38 Bytes CALL 7C80B3ED C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpynW + 1E 7C80BA9D 106 Bytes [ 5A, 20, 89, 5D, BC, 0F, 95, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpyW + 14 7C80BB08 78 Bytes [ 8B, 75, 1C, 66, 8B, 16, 33, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpi + 27 7C80BB58 3 Bytes [ A7, 61, 02 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpi + 2C 7C80BB5D 166 Bytes [ 65, D8, 00, 84, D2, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFileMappingA 7C80BC06 17 Bytes [ 90, 90, 6A, 28, 68, 40, AC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFileMappingA + 12 7C80BC18 5 Bytes [ 8B, 7D, 08, 81, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFileMappingA + 18 7C80BC1E 8 Bytes [ 00, 01, 00, 0F, 83, 3B, 79, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFileMappingA + 21 7C80BC27 155 Bytes [ 89, 7D, E4, 83, 4D, FC, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceW + 65 7C80BCC3 7 Bytes [ 8D, 45, FC, 50, 6A, 0C, 6A ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceW + 6E 7C80BCCC 17 Bytes [ 15, 24, 12, 80, 7C, 8B, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceW + 80 7C80BCDE 101 Bytes [ FF, 55, 8B, EC, 51, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SizeofResource + 4B 7C80BD44 41 Bytes CALL 7C80BC06 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + F 7C80BD6E 56 Bytes CALL 7C80A982 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + 49 7C80BDA8 2 Bytes [ FF, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + 4C 7C80BDAB 17 Bytes [ FF, 1E, 0F, 84, 7C, 31, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + 5E 7C80BDBD 58 Bytes [ EC, 0F, B7, 05, 22, 51, 88, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + 99 7C80BDF8 72 Bytes [ 0F, B7, 05, 20, 51, 88, 7C, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpy + B 7C80BE9C 24 Bytes JMP 7C80A39C C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpy + 24 7C80BEB5 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpy + 2B 7C80BEBC 32 Bytes [ 55, 8B, EC, 8B, 45, 08, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpy + 4C 7C80BEDD 114 Bytes [ 55, 8B, EC, 6A, 00, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceA + 37 7C80BF50 19 Bytes [ 45, F4, 02, FF, 4D, F0, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceA + 4B 7C80BF64 91 Bytes [ 00, 00, 80, 7D, FD, 05, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceA + A7 7C80BFC0 39 Bytes [ FF, FF, 3B, C1, 0F, 82, 42, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemDefaultLCID + 1B 7C80BFE8 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemDefaultLCID + 1D 7C80BFEA 173 Bytes [ 8B, 55, 10, 8B, 4D, 0C, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeExW + 19 7C80C098 70 Bytes [ 89, 85, 74, FF, FF, FF, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeExW + 60 7C80C0DF 24 Bytes [ FF, FF, E7, 8B, 45, 08, 33, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitThread + 11 7C80C0F9 42 Bytes [ 03, 00, 23, C2, 3D, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitThread + 3C 7C80C124 18 Bytes [ 8B, 75, F8, 66, 8B, 16, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitThread + 4F 7C80C137 53 Bytes [ 0F, 84, 0B, 11, 00, 00, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitThread + 85 7C80C16D 281 Bytes [ 75, 0F, 0F, B7, C1, 8B, 4F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + 87 7C80C287 8 Bytes [ C9, C2, 1C, 00, 42, 42, 43, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + 90 7C80C290 109 Bytes CALL 06713FCE
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + FE 7C80C2FE 112 Bytes [ 00, 46, 46, 4A, 75, D4, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + 170 7C80C370 130 Bytes [ 53, 8B, 5D, 08, 85, DB, 56, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + 1F3 7C80C3F3 39 Bytes [ FB, FF, FF, 50, 6A, 17, 6A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LockResource + 2 7C80CD29 95 Bytes [ 85, C0, 0F, 8C, 79, 51, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + 51 7C80CD89 26 Bytes [ 00, 90, 90, 73, 00, 54, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + 6C 7C80CDA4 62 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + AC 7C80CDE4 65 Bytes [ 8B, 7D, 10, 2B, FE, D1, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + EE 7C80CE26 122 Bytes [ 46, 46, 41, FF, 4D, 0C, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + 169 7C80CEA1 27 Bytes [ 8B, 4D, 0C, 8B, 55, 08, 8A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + 4F 7C80D156 28 Bytes [ 00, 00, 93, 49, 84, 7C, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + 6C 7C80D173 4 Bytes JMP 7C80C6C6 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + 71 7C80D178 66 Bytes [ 90, 90, 90, 90, 90, 64, A1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + B4 7C80D1BB 48 Bytes [ 6A, 03, FF, 75, 08, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + E5 7C80D1EC 8 Bytes [ 68, 0D, 00, 00, C0, E8, 07, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + D6 7C80D3C8 4 Bytes [ B8, C7, 80, 7C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + DB 7C80D3CD 2 Bytes [ FB, 87 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + DE 7C80D3D0 7 Bytes [ A4, C7, 80, 7C, 08, FD, 87 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + E6 7C80D3D8 7 Bytes [ 90, C7, 80, 7C, 08, FD, 87 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + EE 7C80D3E0 6 Bytes [ 78, C7, 80, 7C, D4, FC ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + 10 7C80DE9E 55 Bytes [ 2D, FA, 00, 00, 00, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + 48 7C80DED6 94 Bytes [ C1, 5F, 5E, 5B, 5D, C2, 18, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + A7 7C80DF35 36 Bytes [ 04, 46, 66, 03, 02, 66, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + CC 7C80DF5A 50 Bytes [ 83, 7D, 14, 00, 0F, 85, A2, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + FF 7C80DF8D 85 Bytes [ A1, A8, 50, 88, 7C, 8B, 98, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 3C 7C80E509 54 Bytes [ D9, 80, 7C, 86, F5, 87, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 73 7C80E540 3 Bytes [ A0, D8, 80 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 77 7C80E544 4 Bytes [ 86, F5, 87, 7C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 7C 7C80E549 139 Bytes [ D8, 80, 7C, B9, F5, 87, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 108 7C80E5D5 233 Bytes [ F6, 87, 7C, 74, D7, 80, 7C, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathW + 1F 7C80E78B 81 Bytes [ 90, 52, 65, 67, 69, 73, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathW + 71 7C80E7DD 145 Bytes [ 90, 90, 90, 4F, 65, 6D, 54, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathW + 103 7C80E86F 285 Bytes [ 90, 47, 65, 74, 57, 69, 6E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexW + 46 7C80E98D 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexW + 4A 7C80E991 17 Bytes [ 6E, 75, 6D, 44, 65, 73, 6B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexW + 5C 7C80E9A3 20 Bytes [ 90, 45, 6E, 64, 50, 61, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexW + 71 7C80E9B8 41 Bytes [ 4D, 65, 73, 73, 61, 67, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexA + 13 7C80E9E2 223 Bytes [ 90, 90, 44, 65, 66, 57, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenMutexA + 18 7C80EAC3 7 Bytes [ 00, 9D, F9, 87, 7C, 03, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenMutexA + 21 7C80EACC 30 Bytes [ C1, FD, 87, 7C, 04, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenMutexA + 40 7C80EAEB 87 Bytes [ 00, AA, 60, 82, 7C, 11, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + 36 7C80EB43 14 Bytes [ 00, B4, FD, 87, 7C, 2B, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + 45 7C80EB52 13 Bytes [ 00, 00, 4F, F1, 87, 7C, 3B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + 53 7C80EB60 55 Bytes [ 3E, 00, 00, 00, 88, F9, 87, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + 8B 7C80EB98 35 Bytes [ 48, 00, 00, 00, E0, 01, 88, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + AF 7C80EBBC 126 Bytes [ E0, 01, 88, 7C, 55, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + 4 7C80EE6B 125 Bytes [ 00, 04, FB, 87, 7C, D0, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + 82 7C80EEE9 24 Bytes [ 50, FF, 75, 08, FF, 15, CC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + 9C 7C80EF03 25 Bytes [ C2, 1C, 00, 90, 90, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + B6 7C80EF1D 6 Bytes [ 6A, 00, 68, 2C, DF, 80 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + BD 7C80EF24 7 Bytes [ FF, 75, 08, E8, 76, 2C, 07 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileW + 1A 7C80EF8B 217 Bytes [ 00, 00, 8B, 44, 24, 24, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + 9B 7C80F065 74 Bytes [ 15, 8C, 11, 80, 7C, 8B, 35, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + E6 7C80F0B0 6 Bytes [ 05, 00, 00, 00, 03, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + EE 7C80F0B8 11 Bytes [ 04, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + FA 7C80F0C4 9 Bytes [ 00, 00, 00, 00, 02, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + 106 7C80F0D0 41 Bytes [ 05, 00, 00, 00, 04, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableW + 64 7C80F1E8 12 Bytes [ A1, 4C, 53, 88, 7C, 3B, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableW + 71 7C80F1F5 267 Bytes JMP 7C8449D9 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableW + 17E 7C80F302 253 Bytes [ 90, 90, 90, 6A, 44, 68, 08, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + 82 7C80F400 14 Bytes [ FF, FF, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + 91 7C80F40F 3 Bytes [ 00, 76, 3A ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + 95 7C80F413 3 Bytes [ 7C, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + 99 7C80F417 18 Bytes [ 00, 00, 00, 00, 00, AD, 39, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + AC 7C80F42A 2 Bytes [ 75, E4 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetPrivateProfileStringW + 25 7C80FA12 1 Byte [ 0C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetPrivateProfileStringW + 28 7C80FA15 52 Bytes CALL 7C80F946 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetPrivateProfileStringW + 5D 7C80FA4A 11 Bytes [ 45, F4, 50, FF, 15, 40, 10, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetPrivateProfileStringW + 69 7C80FA56 72 Bytes [ DC, 18, 00, 00, 00, E8, 7D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + 2A 7C80FA9F 17 Bytes [ FC, 5B, 5E, C9, C2, 0C, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + 3C 7C80FAB1 38 Bytes [ 51, 83, 7D, 10, 00, 56, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + 63 7C80FAD8 1 Byte [ 8D ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + 65 7C80FADA 60 Bytes [ F8, 50, 56, FF, 15, 88, 10, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + A3 7C80FB18 44 Bytes [ 83, 7D, 0C, 01, A1, CC, 56, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 3E 7C80FCFD 13 Bytes [ 66, 83, F9, 2A, 0F, 84, A0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 4C 7C80FD0B 1 Byte [ FD ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 4E 7C80FD0D 26 Bytes JMP EF523852
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 69 7C80FD28 17 Bytes [ FD, FF, FF, 50, 6A, 01, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 7B 7C80FD3A 16 Bytes [ FF, 50, 8D, 85, 64, FD, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + 6E 7C80FE2B 8 Bytes [ B5, 90, FD, FF, FF, E8, DC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + 78 7C80FE35 43 Bytes [ 3B, C3, 0F, 84, 7E, DC, 02, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + A4 7C80FE61 40 Bytes [ FF, 90, 90, 90, 90, 90, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + CD 7C80FE8A 32 Bytes [ 89, 75, DC, 8D, 7E, 14, 57, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + EE 7C80FEAB 27 Bytes [ 15, 8C, 11, 80, 7C, 53, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalUnlock + 23 7C80FF35 2 Bytes [ 0C, 10 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalUnlock + 27 7C80FF39 95 Bytes [ 8B, F0, 33, FF, 3B, F7, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalUnlock + 87 7C80FF99 10 Bytes [ B5, 90, FD, FF, FF, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalUnlock + 92 7C80FFA4 102 Bytes [ 56, EB, E4, 3B, D3, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + 62 7C81000B 62 Bytes [ 8B, 77, 08, 89, 75, CC, 39, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + A1 7C81004A 49 Bytes [ 47, 10, 8B, 46, 18, 89, 47, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + D3 7C81007C 60 Bytes [ 5C, 47, 2C, 0F, BE, 46, 44, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + 110 7C8100B9 16 Bytes CALL 7C80350E C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + 122 7C8100CB 2 Bytes [ FF, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateSemaphoreW + 14 7C81012A 84 Bytes [ 75, E4, 53, 8B, 40, 30, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateSemaphoreW + 69 7C81017F 146 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpyn + 71 7C810212 28 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpyn + 8E 7C81022F 66 Bytes [ 3B, C7, 0F, 84, 52, 09, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + 24 7C810272 129 Bytes [ 33, FF, 47, 8B, 4D, FC, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + A6 7C8102F4 15 Bytes CALL 7C80A790 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + B6 7C810304 63 Bytes [ 55, 8B, EC, 51, 51, 56, 57, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + F6 7C810344 177 Bytes [ F8, 66, 83, 7D, F8, 06, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + 1A8 7C8103F6 15 Bytes [ 80, 7D, 0C, 00, C6, 85, 38, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + 21 7C8104DD 102 Bytes [ 4D, FC, 5F, 5E, 5B, E8, AB, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + 88 7C810544 28 Bytes CALL 7C810768 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + A6 7C810562 321 Bytes [ 15, C8, 11, 80, 7C, D1, E0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + 1E8 7C8106A4 16 Bytes [ 47, 01, 39, 5D, 20, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + 1F9 7C8106B5 73 Bytes [ 8D, 51, 01, 66, 89, 56, 32, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateThread + 38 7C8106FF 36 Bytes [ 8B, 09, 89, 4E, 50, 38, 5D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SwitchToFiber + 22 7C810724 70 Bytes [ 8B, 06, 83, F8, 05, 74, 09, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SwitchToFiber + 69 7C81076B 20 Bytes [ FF, 55, 8B, EC, 8B, 4D, 0C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SwitchToFiber + 7E 7C810780 110 Bytes [ 6A, 02, 5A, 66, 83, 38, 20, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW 7C8107F0 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW + 4 7C8107F4 98 Bytes [ FF, 55, 8B, EC, 56, 57, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW + 67 7C810857 9 Bytes CALL E5810859
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW + 71 7C810861 4 Bytes [ 85, D8, FD, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW + 76 7C810866 277 Bytes [ 50, C7, 85, EC, FD, FF, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSizeEx + 3B 7C810AD4 11 Bytes [ 34, 1C, 03, 00, C7, 45, 94, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSizeEx + 47 7C810AE0 75 Bytes [ 5D, 98, C7, 45, A0, 40, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 25 7C810B2C 10 Bytes [ 15, 14, 10, 80, 7C, 89, BE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 30 7C810B37 12 Bytes [ 3B, C3, 0F, 8C, 2C, 90, 02, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 3D 7C810B44 18 Bytes CALL 7C810210 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 50 7C810B57 12 Bytes [ 00, 00, FF, 75, D8, 53, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 5D 7C810B64 119 Bytes [ 15, 10, 10, 80, 7C, 39, 5D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SystemTimeToFileTime + 30 7C810BDC 19 Bytes [ 45, C4, 3B, C3, 0F, 8C, 9C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SystemTimeToFileTime + 44 7C810BF0 72 Bytes [ FC, 01, 00, 00, 00, 39, 5D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 1B 7C810C39 9 Bytes [ 45, 18, 3B, C3, 0F, 85, D8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 25 7C810C43 19 Bytes [ 8B, 45, 1C, 3B, C3, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 3A 7C810C58 6 Bytes [ 83, 4D, FC, FF, E8, 2C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 42 7C810C60 28 Bytes CALL 7C80350D C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 5F 7C810C7D 156 Bytes [ 00, 00, 00, A7, 17, 84, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + 1D 7C810D1A 31 Bytes [ 8B, 5E, 04, 89, 5D, E4, 56, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + 3D 7C810D3A 35 Bytes [ 15, 10, 10, 80, 7C, 84, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + 61 7C810D5E 10 Bytes [ FF, C2, 04, 00, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + 6D 7C810D6A 62 Bytes [ FF, FF, 94, 04, 84, 7C, A7, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + AC 7C810DA9 94 Bytes [ 85, DB, 75, 83, EB, 98, 6A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 1D 7C810E34 7 Bytes [ 00, 10, 00, 0B, 45, E4, 50 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 25 7C810E3C 17 Bytes [ 35, A4, 53, 88, 7C, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 37 7C810E4E 50 Bytes [ 0F, 84, 01, 02, 03, 00, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 6A 7C810E81 8 Bytes [ 0F, 94, C0, 8D, 04, C5, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 74 7C810E8B 18 Bytes [ 66, 89, 06, F6, 45, 09, 01, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileType + E 7C810EEF 51 Bytes [ 0B, 45, E4, 50, FF, 35, A4, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileType + 42 7C810F23 36 Bytes [ 00, 00, 8B, 5D, 08, F6, C3, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileType + 67 7C810F48 19 Bytes [ 88, 7C, FF, 15, B8, 12, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileType + 7B 7C810F5C 122 Bytes [ 46, 02, 8D, 48, FF, 66, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 15 7C810FD7 6 Bytes [ DC, 56, 68, E0, 50, 88 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 1C 7C810FDE 13 Bytes [ FF, 15, B8, 12, 80, 7C, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 2A 7C810FEC 7 Bytes [ 8B, 7E, 04, 89, 7D, E4, 85 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 32 7C810FF4 16 Bytes [ 0F, 84, A2, 02, 03, 00, 33, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 43 7C811005 124 Bytes [ 4E, 02, 66, 3D, FF, 00, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 11 7C811082 63 Bytes [ 3B, C3, 0F, 8C, 02, A9, 02, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 51 7C8110C2 2 Bytes [ 66, 8B ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 54 7C8110C5 4 Bytes CALL 7C803510 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 59 7C8110CA 6 Bytes [ FF, C2, 0C, 00, 90, 90 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 60 7C8110D1 2 Bytes [ FF, FF ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidCodePage + 25 7C811180 82 Bytes [ 00, 00, 40, 0F, 85, 58, BE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExW + 4E 7C8111D3 50 Bytes [ E4, 41, 89, 4D, E0, FF, 4D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExW + 81 7C811206 72 Bytes [ 90, 90, 90, 90, 90, FF, 25, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExW + CA 7C81124F 11 Bytes [ FF, 55, 8B, EC, 83, EC, 10, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExW + D6 7C81125B 18 Bytes [ 35, C0, 13, 80, 7C, 8D, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + 4 7C81126E 9 Bytes [ 75, 24, 6A, 00, 8D, 45, F8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + E 7C811278 22 Bytes [ FF, 15, 10, 14, 80, 7C, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + 25 7C81128F 41 Bytes [ 33, C0, 40, EB, F6, FF, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + 51 7C8112BB 77 Bytes [ 8B, 48, 30, 64, A1, 18, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + 9F 7C811309 9 Bytes [ FF, 8B, C2, 8D, 44, 06, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 11 7C811337 6 Bytes [ 8B, 40, 30, 8B, 88, 08 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 19 7C81133F 21 Bytes [ 00, 85, C9, 8B, 45, 0C, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 30 7C811356 43 Bytes [ 8D, 44, 06, FF, 23, C2, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 5C 7C811382 1 Byte [ 20 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 5E 7C811384 19 Bytes [ 00, 8D, 45, 10, 50, 6A, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesA + D 7C8115D9 14 Bytes [ FF, 3B, C3, 0F, 8C, B8, A5, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesA + 1C 7C8115E8 18 Bytes [ 0F, 85, B3, 4C, 02, 00, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 9 7C8115FB 15 Bytes [ 8B, 85, 50, FC, FF, FF, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 19 7C81160B 12 Bytes [ FF, FF, 89, 85, 50, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 27 7C811619 17 Bytes [ 89, 85, 54, FF, FF, FF, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 3B 7C81162D 82 Bytes [ 50, FF, 15, 34, 10, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 8E 7C811680 21 Bytes [ 8B, 85, 50, FC, FF, FF, 8B, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + 35 7C81247E 81 Bytes [ FF, 8D, 45, F0, 50, E8, E7, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + 87 7C8124D0 20 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + 9C 7C8124E5 70 Bytes [ 00, 48, 0F, 85, 34, CF, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + E3 7C81252C 46 Bytes [ 83, F8, 5C, 74, 0A, 66, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + 112 7C81255B 134 Bytes [ D8, F1, 01, 00, 8B, 55, 0C, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 18 7C8126E9 3 Bytes [ 71, 0B, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 1C 7C8126ED 34 Bytes [ 3B, 85, 54, FF, FF, FF, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 3F 7C812710 22 Bytes [ 83, C4, 0C, 66, 83, 64, 7E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 57 7C812728 1 Byte [ 10 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 59 7C81272A 23 Bytes [ 8B, 3D, 9C, 57, 88, 7C, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisconnectNamedPipe + 13 7C812742 54 Bytes [ C1, E7, 10, 0B, F8, 0B, F9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisconnectNamedPipe + 4A 7C812779 15 Bytes [ 0F, 84, 83, 7C, 02, 00, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!PostQueuedCompletionStatus + 7 7C812789 50 Bytes [ 33, C0, EB, 8E, 8B, 47, 04, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ChangeTimerQueueTimer + A 7C8127BD 15 Bytes [ 0F, 85, 00, 0A, 00, 00, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ChangeTimerQueueTimer + 1A 7C8127CD 57 Bytes [ 50, 0F, B7, 45, 08, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ChangeTimerQueueTimer + 55 7C812808 11 Bytes [ FF, 0A, 00, 00, 00, 83, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileAttributesA + 2 7C812814 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileAttributesA + 4 7C812816 7 Bytes [ 77, 08, C7, 85, 58, FF, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileAttributesA + C 7C81281E 29 Bytes [ 0A, 00, 00, 00, 83, C6, 32, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetOEMCP + 5 7C81283C 81 Bytes JMP 7C8126B9 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemDefaultLangID + 4C 7C81288E 26 Bytes JMP 7C81C5F6 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + 16 7C8128A9 79 Bytes [ 00, 48, 74, DC, 66, 83, A5, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + 66 7C8128F9 25 Bytes [ 83, F8, 32, 74, 8B, 83, F8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + 82 7C812915 114 Bytes JMP 7C8126B9 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + F5 7C812988 31 Bytes [ FF, FF, 30, 0F, 84, 60, 9C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + 115 7C8129A8 4 Bytes [ 85, AC, 9C, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RaiseException + 5F 7C812AF8 193 Bytes [ 66, 3B, CA, 74, 0F, 40, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + 4C 7C812BBA 21 Bytes [ 00, 83, F8, 64, 0F, 84, 76, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + 62 7C812BD0 2 Bytes [ 5C, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + 66 7C812BD4 27 Bytes JMP 7C81C5F8 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + 82 7C812BF0 29 Bytes [ C9, 75, F0, 03, C3, 68, 34, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + A0 7C812C0E 46 Bytes JMP 7C8126B8 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessVersion + 20 7C812CD3 34 Bytes CALL 7C81311C C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessVersion + 43 7C812CF6 19 Bytes JMP 7C8126B7 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessVersion + 57 7C812D0A 156 Bytes [ FF, 8B, 47, 04, 0F, B7, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessVersion + F4 7C812DA7 75 Bytes [ FF, FF, 8B, 77, 08, 81, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemInfo + F 7C812DF5 10 Bytes [ FF, B5, 50, FF, FF, FF, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemInfo + 1A 7C812E00 53 Bytes [ FF, FF, B5, 58, FF, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsAlloc + 7 7C812E36 24 Bytes [ 8D, 17, 81, 7C, 0E, 52, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsAlloc + 20 7C812E4F 8 Bytes [ 18, 81, 7C, A9, 16, 81, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsAlloc + 29 7C812E58 137 Bytes [ 83, 7C, 9A, 84, 83, 7C, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateSemaphoreA + 35 7C812EE2 108 Bytes [ 58, C4, 81, 7C, 64, C4, 81, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCPInfo + 8D 7C812F93 30 Bytes [ 18, 81, 7C, 86, B4, 81, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCommandLineA + 5 7C812FB2 153 Bytes [ 89, 18, 81, 7C, 3A, B5, 81, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ProcessIdToSessionId + 33 7C81304C 1 Byte [ 72 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ProcessIdToSessionId + 35 7C81304E 48 Bytes [ 79, 00, 00, 00, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ProcessIdToSessionId + 66 7C81307F 159 Bytes [ 8B, 77, 08, 83, C6, 3E, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetUserDefaultUILanguage + 20 7C813120 33 Bytes [ 8B, FF, 55, 8B, EC, 53, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 20 7C813143 40 Bytes [ 0F, 8D, E6, 81, 01, 00, BE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 49 7C81316C 5 Bytes [ 0F, 85, 76, A9, 03 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 4F 7C813172 23 Bytes [ 3B, 98, 60, 18, 00, 00, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 69 7C81318C 44 Bytes [ 56, 8B, D8, FF, 15, 8C, 11, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 96 7C8131B9 138 Bytes [ 33, C0, 40, 5F, 5E, 5B, 5D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventW + 74 7C813244 7 Bytes [ 73, 00, 31, 00, 31, 00, 35 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventW + 7C 7C81324C 37 Bytes [ 39, 00, 00, 00, 39, 75, 14, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventW + A2 7C813272 64 Bytes [ C1, 66, 8B, 32, 66, 85, F6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventA + 18 7C8132B4 45 Bytes [ 00, 66, 8B, 72, 08, 66, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventA + 46 7C8132E2 132 Bytes [ 0F, 84, 80, 00, 00, 00, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventA + CB 7C813367 16 Bytes [ FF, 5E, C3, 3B, DA, 74, 26, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventA + DC 7C813378 18 Bytes [ 51, 68, A0, 23, 81, 7C, 68, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WTSGetActiveConsoleSessionId + D 7C81338B 24 Bytes [ FF, 85, C0, 0F, 85, 2F, FE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WTSGetActiveConsoleSessionId + 26 7C8133A4 11 Bytes [ 65, 00, 63, 00, 69, 00, 6D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WTSGetActiveConsoleSessionId + 33 7C8133B1 53 Bytes [ 00, 3B, DA, 74, 26, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 5 7C8133E8 26 Bytes [ 73, 00, 54, 00, 68, 00, 6F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 20 7C813403 8 Bytes [ FF, 6A, 01, 6A, 50, 8D, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 29 7C81340C 9 Bytes [ FF, FF, 51, 68, 30, 24, 81, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 33 7C813416 23 Bytes [ 05, 00, 00, 50, FF, 75, 08, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 4C 7C81342F 20 Bytes [ 90, 73, 00, 47, 00, 72, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 31 7C813798 43 Bytes [ 08, FF, 15, 1C, 12, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 5D 7C8137C4 14 Bytes [ 85, C0, 0F, 84, 7F, 26, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 6D 7C8137D4 15 Bytes [ 0C, 50, FF, 15, 4C, 15, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 7D 7C8137E4 18 Bytes [ 33, C0, 40, 5D, C2, 10, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 91 7C8137F8 38 Bytes JMP 7C811816 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExA 7C813841 57 Bytes [ 90, 66, A1, A8, 53, 88, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + 12 7C81387B 40 Bytes JMP 7C814AB5 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + 3B 7C8138A4 6 Bytes [ C7, 45, FC, 5C, 00, 66 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + 42 7C8138AB 111 Bytes CALL CF813B9D
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + B2 7C81391B 40 Bytes [ 70, 18, FF, 15, 10, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + DB 7C813944 50 Bytes [ C0, 0F, 8C, C5, D9, 01, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + 2F 7C8139BB 43 Bytes [ 83, FE, 2A, 0F, 85, D7, 95, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + 5B 7C8139E7 61 Bytes [ 3C, 20, 0F, 82, 99, 95, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + 99 7C813A25 90 Bytes [ D0, 01, 00, 00, 00, 33, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + F4 7C813A80 47 Bytes [ 89, 2A, 81, 7C, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + 124 7C813AB0 20 Bytes [ 75, 14, 83, E0, 01, 85, F6, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 16 7C814B98 15 Bytes [ A5, 00, 00, 00, 40, FE, 87, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 26 7C814BA8 9 Bytes [ AA, 00, 00, 00, 88, F9, 87, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 30 7C814BB2 7 Bytes [ 00, 00, 4F, F1, 87, 7C, AC ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 39 7C814BBB 3 Bytes [ 00, D8, FA ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 3D 7C814BBF 2 Bytes [ 7C, AE ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemDirectoryA + 16 7C814F90 252 Bytes [ 38, 40, 81, 7C, 47, F7, 87, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!NlsConvertIntegerToString + A1 7C81508D 55 Bytes [ 90, 90, 90, 53, 74, 67, 43, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!NlsConvertIntegerToString + D9 7C8150C5 154 Bytes [ 90, 90, 90, 52, 65, 67, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!NlsConvertIntegerToString + 174 7C815160 169 Bytes [ 4F, 6C, 65, 52, 75, 6E, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseUpdateAppcompatCache + 5A 7C81520A 22 Bytes [ 90, 90, 4F, 6C, 65, 49, 6E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseUpdateAppcompatCache + 71 7C815221 101 Bytes [ 74, 43, 6C, 69, 70, 62, 6F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + 5F 7C815288 12 Bytes [ 47, 65, 74, 48, 47, 6C, 6F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + 6C 7C815295 89 Bytes [ 6D, 53, 74, 72, 65, 61, 6D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + C6 7C8152EF 114 Bytes [ 90, 43, 72, 65, 61, 74, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + 139 7C815362 44 Bytes [ 90, 90, 43, 72, 65, 61, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + 166 7C81538F 45 Bytes [ 90, 43, 72, 65, 61, 74, 65, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 20E 7C8156FA 39 Bytes [ 00, 00, F8, 06, 88, 7C, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 236 7C815722 72 Bytes [ 00, 00, 56, F9, 87, 7C, 7E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 280 7C81576C 5 Bytes [ 18, 07, 88, 7C, 88 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 286 7C815772 7 Bytes [ 00, 00, D8, FA, 87, 7C, 89 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 28E 7C81577A 9 Bytes [ 00, 00, 33, FE, 87, 7C, 8A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + 11 7C81637C 6 Bytes [ 24, FF, 75, 0C, E8, 5B ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + 18 7C816383 9 Bytes [ 00, 00, 8B, F8, 3B, FE, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + 22 7C81638D 136 Bytes [ 00, 00, 8B, C7, 5F, 5E, 5B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + AB 7C816416 96 Bytes [ FF, 73, 04, 89, 55, C4, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + 10C 7C816477 15 Bytes CALL 7C8164E1 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + C 7C816569 103 Bytes [ F3, AB, 66, AB, 89, 9D, 60, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + 74 7C8165D1 5 Bytes [ 0F, 85, 1D, 09, 03 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + 7A 7C8165D7 42 Bytes [ F6, 85, 70, FD, FF, FF, 08, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + A5 7C816602 23 Bytes [ 00, 0F, 85, 10, A7, 01, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + BD 7C81661A 32 Bytes [ 85, 74, FD, FF, FF, 3B, C3, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + C 7C816873 25 Bytes [ FF, 50, FF, B5, 60, FD, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + 26 7C81688D 25 Bytes [ FF, 10, 0F, 85, C1, 58, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + 42 7C8168A9 21 Bytes [ 57, FF, 15, D8, 15, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + 58 7C8168BF 12 Bytes [ FF, 33, F6, 33, FF, 39, BD, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + 65 7C8168CC 14 Bytes [ F7, 09, 03, 00, FF, B5, 90, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + 32 7C817050 27 Bytes [ 70, 18, FF, 15, 10, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + 4E 7C81706C 52 Bytes [ 74, 1A, 3B, C8, 0F, 85, D8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + 83 7C8170A1 43 Bytes [ FF, 3B, CF, 66, 89, 85, CA, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + B0 7C8170CE 5 Bytes [ 89, 8D, 6C, FD, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + B6 7C8170D4 12 Bytes [ 3B, C7, 89, 85, 60, FD, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + BA 7C81758D 12 Bytes [ 00, A1, E0, 57, 88, 7C, 3B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + C8 7C81759B 35 Bytes CALL 7C80352D C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + EC 7C8175BF 39 Bytes [ 88, 7C, 0F, 84, 92, 75, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + 115 7C8175E8 2 Bytes [ 8C, 11 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + 119 7C8175EC 30 Bytes [ C3, 90, 90, 90, 90, 90, 6A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + 13 7C818020 16 Bytes [ 55, 8B, EC, 8B, 45, 08, A3, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + 24 7C818031 2 Bytes [ CF, 49 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + 28 7C818035 160 Bytes [ BF, 7B, 00, 00, C0, E9, 32, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + C9 7C8180D6 22 Bytes [ FF, 15, 34, 10, 80, 7C, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + E0 7C8180ED 1 Byte [ FF ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + 19 7C8195BC 74 Bytes [ B6, 6C, 01, 00, 00, 85, F6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + 64 7C819607 58 Bytes [ 8B, 40, 30, 68, B0, 87, 81, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + 9F 7C819642 2 Bytes [ C7, C7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + A2 7C819645 17 Bytes [ EC, FB, FF, FF, 04, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + B4 7C819657 12 Bytes [ 00, 8D, 85, FC, FD, FF, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 238 Bytes [ 44, 00, 4C, 00, 4C, 00, 21, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + F3 7C81988F 5 Bytes [ FF, 50, E8, 3B, F7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + F9 7C819895 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + FB 7C819897 68 Bytes [ C0, 0F, 85, 15, 7E, 02, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + 140 7C8198DC 21 Bytes [ 3D, 2C, 50, 88, 7C, 66, A3, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetExitCodeProcess + 25 7C81AB60 170 Bytes [ FF, 8B, 8D, 48, FE, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VerifyConsoleIoHandle + 3D 7C81AC0B 2 Bytes [ B8, FD ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VerifyConsoleIoHandle + 41 7C81AC0F 12 Bytes [ 51, 8D, 8D, 6C, F8, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VerifyConsoleIoHandle + 4F 7C81AC1D 73 Bytes [ 51, 8D, 8D, 9C, F8, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 2F 7C81AC67 35 Bytes [ B5, 94, F9, FF, FF, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 54 7C81AC8C 37 Bytes [ 39, 9D, A4, F7, FF, FF, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 7A 7C81ACB2 16 Bytes [ 15, 0C, 10, 80, 7C, 8B, F8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 8B 7C81ACC3 2 Bytes [ 5C, 8B ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 8E 7C81ACC6 15 Bytes [ 00, 8D, 85, 60, F9, FF, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleOutputCP + 3C 7C81AEEB 45 Bytes [ 66, 89, 9E, 90, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + A 7C81AF1A 12 Bytes [ F6, 85, 8C, F7, FF, FF, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + 17 7C81AF27 19 Bytes [ F6, 85, 8C, F7, FF, FF, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + 2B 7C81AF3B 8 Bytes [ 46, 1C, 3B, C3, 0F, 85, 70, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + 35 7C81AF45 8 Bytes [ 6A, 26, 59, 8D, B5, 90, FC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + 3E 7C81AF4E 15 Bytes [ 8B, FE, F3, A5, 39, 9D, B8, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadUILanguage + 32 7C81AFAA 84 Bytes [ 00, F6, 45, 20, 04, 75, 13, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadUILanguage + 87 7C81AFFF 86 Bytes [ FF, 89, 46, 04, 8B, 85, 18, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadUILanguage + DE 7C81B056 21 Bytes [ 9D, 04, F8, FF, FF, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadUILanguage + F4 7C81B06C 29 Bytes [ FF, 0F, 85, B7, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + 15 7C81B08A 10 Bytes [ FF, 39, 9D, B4, F7, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + 21 7C81B096 114 Bytes [ 00, 89, 9D, 60, F8, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + 94 7C81B109 21 Bytes [ 00, 00, 89, 85, 18, F6, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + AA 7C81B11F 81 Bytes [ 15, 10, 10, 80, 7C, 8B, 35, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + FD 7C81B172 25 Bytes [ B5, 28, F8, FF, FF, 53, 8B, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + 20 7C81B2CB 21 Bytes [ 8D, 85, 7C, FF, FF, FF, 50, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + 36 7C81B2E1 136 Bytes [ 00, 33, F6, 39, 9D, 60, FE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + BF 7C81B36A 112 Bytes [ 4F, 14, 89, 8D, 5C, F7, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + 130 7C81B3DB 57 Bytes [ FF, EB, A1, 90, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + 16A 7C81B415 21 Bytes [ 8B, 5D, 18, 8B, 4D, 1C, 89, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + 88 7C81B7E4 1 Byte [ 50 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + 8A 7C81B7E6 11 Bytes [ B5, 80, FD, FF, FF, 8B, 3D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + 96 7C81B7F2 24 Bytes [ D7, 89, 85, 74, FD, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + AF 7C81B80B 12 Bytes [ 00, 0F, 8C, 0E, 94, 02, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + BC 7C81B818 40 Bytes [ 89, 01, F6, 45, 2B, 10, 0F, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 2 7C81B8DC 24 Bytes [ FF, FF, B5, 80, FD, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 1B 7C81B8F5 19 Bytes [ 6A, 04, 8D, 85, C0, FD, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 30 7C81B90A 9 Bytes [ 50, FF, B5, 80, FD, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 3A 7C81B914 16 Bytes [ 85, 74, FD, FF, FF, 85, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 4B 7C81B925 12 Bytes [ 0F, 85, 43, 93, 02, 00, 83, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo 7C81B94B 4 Bytes [ 90, 64, A1, 18 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo + 5 7C81B950 41 Bytes [ 00, 00, 89, 85, 30, FD, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo + 2F 7C81B97A 72 Bytes [ FF, FF, 15, 90, 14, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo + 78 7C81B9C3 111 Bytes [ 2A, 01, 00, 00, 8B, D8, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo + E8 7C81BA33 26 Bytes [ 47, 04, 8B, 08, 89, 4D, E0, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 17 7C81C1C2 7 Bytes [ 00, 00, 83, BD, F4, FD, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 20 7C81C1CB 12 Bytes [ 0F, 84, AD, 00, 00, 00, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 2D 7C81C1D8 31 Bytes [ 85, EC, FD, FF, FF, 50, BB, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 4D 7C81C1F8 79 Bytes [ FF, FF, D6, BF, 1A, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 9E 7C81C249 8 Bytes [ F8, FD, FF, FF, 8D, 85, EC, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitProcess + 6 7C81CB00 289 Bytes [ 02, 5F, 03, CF, 66, 39, 31, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateThread + FF 7C81CC22 67 Bytes [ 66, 89, 79, 16, 74, 3F, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteConsoleA + 21 7C81CC66 35 Bytes [ FF, 5F, 5E, C3, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + F 7C81CC8A 1 Byte [ 68 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + 11 7C81CC8C 15 Bytes [ 69, 00, 6E, 00, 65, 00, 5C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + 21 7C81CC9C 11 Bytes [ 65, 00, 6D, 00, 5C, 00, 43, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + 2D 7C81CCA8 5 Bytes [ 72, 00, 65, 00, 6E ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + 33 7C81CCAE 1 Byte [ 74 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 46 7C81CDE4 83 Bytes [ 68, 40, 0B, 00, 00, 50, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 9A 7C81CE38 167 Bytes [ 68, 60, 09, 00, 00, 50, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 142 7C81CEE0 159 Bytes [ 68, A0, 0A, 00, 00, 50, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 1E2 7C81CF80 691 Bytes [ 00, 50, FF, 75, 08, E8, 96, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 496 7C81D234 244 Bytes [ 68, 3C, BD, 81, 7C, 68, 70, ... ]
.text ...
shamoo
Active Member
 
Posts: 7
Joined: November 22nd, 2008, 5:04 pm

Re: my hijackthis report please help

Unread postby shamoo » November 28th, 2008, 12:12 pm

part 2

.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetStdHandle + 25 7C81D388 10 Bytes [ 75, 27, 8B, 8D, C8, F9, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetStdHandle + 30 7C81D393 126 Bytes [ 02, 76, 1B, 8B, 41, 08, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CloseConsoleHandle + 34 7C81D412 28 Bytes [ 44, 00, 61, 00, 74, 00, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CloseConsoleHandle + 51 7C81D42F 65 Bytes JMP 7C81431C C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CloseConsoleHandle + 93 7C81D471 71 Bytes [ 47, 04, 0F, B7, 40, 5A, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateConsoleHandle + C 7C81D4B9 150 Bytes [ 47, 04, 0F, B7, 40, 66, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalA + 1A 7C81D550 14 Bytes [ 00, 3B, C7, 0F, 84, 61, 6D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalA + 29 7C81D55F 110 Bytes [ 85, 95, EB, FF, FF, 57, 57, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalA + 98 7C81D5CE 5 Bytes [ 7D, 08, 8B, 77, 0C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalA + 9E 7C81D5D4 40 Bytes [ F6, 74, E5, 6A, 01, FF, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalA + C7 7C81D5FD 51 Bytes [ 55, 8B, EC, 81, EC, 84, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeEnvironmentStringsA + 3C 7C81D713 21 Bytes [ D5, F1, 01, 00, BE, 78, 50, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeEnvironmentStringsA + 52 7C81D729 58 Bytes [ FF, 0F, 84, 5A, 02, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeEnvironmentStringsA + 8D 7C81D764 76 Bytes [ 88, 7C, FF, 15, B8, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeEnvironmentStringsA + DA 7C81D7B1 76 Bytes [ 75, C4, 6A, FF, FF, 35, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeEnvironmentStringsA + 127 7C81D7FE 133 Bytes [ C0, 57, 8B, 7D, 08, 89, 7D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreatePipe + 5D 7C81D884 8 Bytes [ 6A, 02, FF, 75, DC, FF, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreatePipe + 66 7C81D88D 29 Bytes [ D6, 8B, F8, 85, FF, 0F, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreatePipe + 84 7C81D8AB 48 Bytes [ 75, E0, 8B, 40, 30, FF, 35, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreatePipe + B5 7C81D8DC 21 Bytes [ F8, FF, 75, E4, FF, 15, 3C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreatePipe + CB 7C81D8F2 9 Bytes [ 37, 5E, 01, 00, 80, 7D, EB, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WritePrivateProfileStringW + 10 7C81EE44 45 Bytes [ FC, 83, 25, 7C, 58, 88, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WritePrivateProfileStringW + 3F 7C81EE73 4 Bytes JMP 7C81A585 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WritePrivateProfileStringW + 44 7C81EE78 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WritePrivateProfileStringW + 48 7C81EE7C 17 Bytes [ 18, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WritePrivateProfileStringW + 5B 7C81EE8F 20 Bytes [ 00, 00, 00, 00, 00, 9C, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TermsrvAppInstallMode + E 7C81EFC4 15 Bytes [ 74, 00, 69, 00, 6F, 00, 6E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TermsrvAppInstallMode + 1E 7C81EFD4 9 Bytes [ D8, DF, 81, 7C, 5C, 00, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TermsrvAppInstallMode + 28 7C81EFDE 25 Bytes [ 67, 00, 69, 00, 73, 00, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TermsrvAppInstallMode + 42 7C81EFF8 5 Bytes [ 65, 00, 5C, 00, 53 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TermsrvAppInstallMode + 48 7C81EFFE 47 Bytes [ 6F, 00, 66, 00, 74, 00, 77, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetShortPathNameW + 4 7C81F25A 57 Bytes [ 6E, 00, 61, 00, 62, 00, 6C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetShortPathNameW + 3E 7C81F294 42 Bytes CALL 7C81F346 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetShortPathNameW + 69 7C81F2BF 59 Bytes [ 5D, BD, 00, 00, 8B, 06, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetShortPathNameW + A5 7C81F2FB 41 Bytes [ 06, 83, F8, 02, 0F, 84, 9A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetShortPathNameW + CF 7C81F325 7 Bytes [ C0, 0F, 84, E0, 08, 00, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileWithProgressW + 17 7C81F72D 34 Bytes [ FF, 70, 24, 8D, 45, EC, 50, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileWithProgressW + 3A 7C81F750 30 Bytes [ FC, 7C, 03, 89, 45, FC, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileWithProgressW + 59 7C81F76F 22 Bytes [ FC, 5E, 5B, C9, C2, 04, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileWithProgressW + 70 7C81F786 10 Bytes [ 75, 08, 57, 6A, 01, 56, E8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileWithProgressW + 7B 7C81F791 103 Bytes [ BF, 05, 01, 00, 00, 3B, C7, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalMemoryStatusEx + 6D 7C81F9E7 68 Bytes CALL 7C8107F2 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalMemoryStatusEx + B2 7C81FA2C 103 Bytes CALL 7C81F877 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalMemoryStatusEx + 11B 7C81FA95 14 Bytes [ 8B, 40, 04, 80, 38, 20, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalMemoryStatusEx + 12A 7C81FAA4 179 Bytes [ 00, 00, 00, 66, 8B, 11, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VerifyVersionInfoW + 4A 7C81FB58 18 Bytes [ 75, 14, 0F, B7, 10, 52, 51, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VerifyVersionInfoW + 5D 7C81FB6B 25 Bytes JMP 7C810912 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeNameForVolumeMountPointW + 15 7C81FB85 21 Bytes [ 00, 00, 85, C0, 0F, 84, 91, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeNameForVolumeMountPointW + 2B 7C81FB9B 46 Bytes [ 55, 8B, EC, 81, EC, C8, 02, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeNameForVolumeMountPointW + 5A 7C81FBCA 6 Bytes [ 05, 01, 89, 85, C0, FD ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeNameForVolumeMountPointW + 62 7C81FBD2 99 Bytes [ 88, 9D, EB, FD, FF, FF, E8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeNameForVolumeMountPointW + C6 7C81FC36 3 Bytes [ 34, 08, FF ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleExW + C 7C81FCB5 19 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleExW + 20 7C81FCC9 30 Bytes [ 85, C0, 0F, 8C, B3, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleExW + 3F 7C81FCE8 107 Bytes [ 86, 84, 00, 00, 00, 85, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleExW + AB 7C81FD54 27 Bytes [ B6, AC, 00, 00, 00, FF, B6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleExW + C8 7C81FD71 45 Bytes JMP 7C81FCDF C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!PrivCopyFileExW + 5 7C82004C 16 Bytes [ 75, 06, 8B, 46, 5C, 89, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!PrivCopyFileExW + 16 7C82005D 75 Bytes CALL 4B8B8571
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!PrivCopyFileExW + 62 7C8200A9 29 Bytes [ 4D, F8, 85, DB, 0F, 84, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!PrivCopyFileExW + 80 7C8200C7 28 Bytes [ 35, D4, 56, 88, 7C, FF, 70, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!PrivCopyFileExW + 9D 7C8200E4 15 Bytes [ 19, 00, 8B, C7, 0F, 85, FE, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameExW + 1 7C8201DA 75 Bytes [ 4D, 18, 83, C4, 0C, 51, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameExW + 4E 7C820227 27 Bytes [ 5D, CD, 01, 00, 83, 3E, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameExW + 6A 7C820243 22 Bytes CALL 7C82016E C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameExW + 82 7C82025B 50 Bytes [ 68, 48, F5, 81, 7C, E8, 71, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameExW + B5 7C82028E 10 Bytes CALL 7C80BC9F C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumePathNamesForVolumeNameW + 2 7C820CFE 68 Bytes [ FF, 0F, 85, 91, 8E, 01, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumePathNamesForVolumeNameW + 47 7C820D43 31 Bytes [ E4, FC, FF, FF, 50, 8D, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumePathNamesForVolumeNameW + 67 7C820D63 19 Bytes JMP 7C819C4A C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumePathNamesForVolumeNameW + 7B 7C820D77 174 Bytes [ 8B, 40, 30, 8B, 40, 10, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumePathNamesForVolumeNameW + 12A 7C820E26 2 Bytes [ 83, C0 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointerEx + 1E 7C82105D 84 Bytes [ 1C, A8, 01, 0F, 85, B6, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointerEx + 73 7C8210B2 74 Bytes [ 82, 7C, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointerEx + BE 7C8210FD 15 Bytes [ 8D, 7E, FF, FF, FF, 66, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointerEx + CE 7C82110D 35 Bytes [ 66, 89, 46, 0E, 8B, 45, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeleteTimerQueueTimer + 19 7C821131 23 Bytes CALL 7C80A3FB C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeleteTimerQueueTimer + 31 7C821149 42 Bytes CALL 7C80A340 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateTimerQueueTimer + F 7C821174 10 Bytes CALL 7C831759 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateTimerQueueTimer + 1B 7C821180 2 Bytes [ 8C, E2 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateTimerQueueTimer + 1F 7C821184 103 Bytes JMP 7C82F3D2 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForSingleObject + 37 7C8211EC 31 Bytes [ 8D, 3D, FF, FF, FF, 56, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForSingleObject + 57 7C82120C 21 Bytes [ 23, 83, F8, 03, 7F, 1E, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForSingleObject + 6D 7C821222 45 Bytes [ D8, 85, DB, 0F, 85, 14, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileW + 7 7C821250 18 Bytes [ 82, 7C, 68, 98, 05, 82, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileW + 1A 7C821263 78 Bytes [ 00, 33, C0, 40, 5F, 5E, 5B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileW + 69 7C8212B2 15 Bytes [ 89, 45, FC, 8B, 45, 08, 57, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileW + 79 7C8212C2 7 Bytes [ FF, 8B, 4D, 14, 8D, 85, 54 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MoveFileW + 81 7C8212CA 31 Bytes [ FF, FF, 50, 89, 8D, 5C, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemWindowsDirectoryA + 11 7C8212EA 8 Bytes [ 89, 85, 4C, FF, FF, FF, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemWindowsDirectoryA + 1B 7C8212F4 52 Bytes [ FF, FF, 8D, 85, 3C, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemWindowsDirectoryA + 50 7C821329 56 Bytes [ FF, 15, 5C, 10, 80, 7C, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetWindowsDirectoryA + 18 7C821363 13 Bytes [ FF, 50, FF, B5, 70, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetWindowsDirectoryA + 26 7C821371 71 Bytes [ 80, 89, 85, 6C, FF, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetWindowsDirectoryA + 6E 7C8213B9 33 Bytes [ FF, 85, FF, 0F, 84, CA, DF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetWindowsDirectoryA + 90 7C8213DB 12 Bytes [ FF, 66, 83, 24, 01, 00, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProfileStringW + 8 7C8213E8 11 Bytes CALL 32811576
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProfileStringW + 14 7C8213F4 11 Bytes [ FF, 15, 3C, 10, 80, 7C, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProfileStringW + 20 7C821400 23 Bytes [ 00, 0F, 85, 8D, AA, 01, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProfileStringW + 38 7C821418 39 Bytes [ C9, C2, 10, 00, 5F, 00, 43, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetExitCodeThread + 23 7C821440 31 Bytes [ 51, 00, 44, 00, 4E, 00, 5F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemWow64DirectoryA + C 7C821460 35 Bytes [ 45, 00, 54, 00, 57, 00, 4F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProfileStringA + 7 7C821484 19 Bytes [ 4C, 00, 55, 00, 53, 00, 54, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProfileStringA + 1B 7C821498 3 Bytes [ 57, 00, 4F ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProfileStringA + 1F 7C82149C 9 Bytes [ 52, 00, 4B, 00, 5F, 00, 48, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProfileStringA + 29 7C8214A6 45 Bytes [ 53, 00, 54, 00, 4E, 00, 41, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeA + 9 7C8214D4 43 Bytes [ 80, 74, 0D, 56, 57, 53, 68, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeA + 35 7C821500 47 Bytes [ 79, 00, 5C, 00, 4D, 00, 61, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeA + 65 7C821530 5 Bytes [ 43, 00, 6F, 00, 6E ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeA + 6B 7C821536 1 Byte [ 74 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeA + 6D 7C821538 15 Bytes [ 72, 00, 6F, 00, 6C, 00, 53, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameA + E 7C82169A 1 Byte [ 65 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameA + 10 7C82169C 35 Bytes [ 5C, 00, 50, 00, 6F, 00, 6C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameA + 34 7C8216C0 7 Bytes [ 74, 00, 5C, 00, 53, 00, 79 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameA + 3C 7C8216C8 23 Bytes [ 73, 00, 74, 00, 65, 00, 6D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetComputerNameA + 54 7C8216E0 90 Bytes [ 6E, 00, 74, 00, 00, 00, 90, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessAffinityMask + 24 7C821771 83 Bytes [ 4D, 10, 03, C1, 89, 06, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateDirectoryA + 31 7C8217C5 30 Bytes [ 00, 66, 83, 7D, F8, 0E, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathA + 12 7C8217E4 77 Bytes [ 00, 00, 33, C0, 40, 5F, 5E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathA + 60 7C821832 19 Bytes [ 15, 4C, 11, 80, 7C, 84, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathA + 74 7C821846 5 Bytes [ 8B, 8D, E8, FD, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathA + 88 7C82185A 67 Bytes [ 30, 66, 83, 85, E4, FD, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathA + CC 7C82189E 64 Bytes [ 50, 8D, 85, BC, FD, FF, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFile + 2F 7C821999 20 Bytes [ F3, A5, 8B, C8, 83, E1, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFile + 45 7C8219AF 88 Bytes CALL BDA69D1A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFile + 9F 7C821A09 33 Bytes CALL 08821A0B
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFile + C2 7C821A2C 6 Bytes [ 8B, 40, 30, 33, F6, 56 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFile + C9 7C821A33 76 Bytes [ 70, 18, FF, D3, 64, A1, 18, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationA + 29 7C821BB6 11 Bytes [ 66, 83, 7E, 44, 2D, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationA + 35 7C821BC2 17 Bytes [ 83, 7E, 5E, 7D, 0F, 85, AE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationA + 47 7C821BD4 94 Bytes [ 02, 00, 66, 83, F9, 3F, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationA + A6 7C821C33 10 Bytes [ 64, A1, 18, 00, 00, 00, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationA + B1 7C821C3E 41 Bytes [ FF, 8B, 40, 30, 6A, 00, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryDosDeviceW + 3 7C821D78 54 Bytes [ 66, 83, 78, 08, 56, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryDosDeviceW + 3A 7C821DAF 9 Bytes [ 66, 83, 78, 12, 65, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryDosDeviceW + 45 7C821DBA 73 Bytes [ 66, 83, 78, 14, 7B, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryDosDeviceW + 8F 7C821E04 73 Bytes [ 00, 66, 3B, D6, 0F, 85, 0D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryDosDeviceW + D9 7C821E4E 67 Bytes JMP 0A818855
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DefineDosDeviceW + 45 7C821F4B 74 Bytes [ 00, 8B, 4D, 14, 66, 83, 24, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DefineDosDeviceW + 92 7C821F98 8 Bytes [ FF, 75, 08, 8B, 40, 30, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DefineDosDeviceW + 9B 7C821FA1 2 Bytes [ 70, 18 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DefineDosDeviceW + 9E 7C821FA4 91 Bytes [ D6, 64, A1, 18, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DefineDosDeviceW + FA 7C822000 50 Bytes [ 84, 5D, FF, FF, FF, 8B, 0F, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCommTimeouts + 46 7C822156 107 Bytes CALL 7C80A3FC C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCommTimeouts + B2 7C8221C2 278 Bytes [ 64, A1, 18, 00, 00, 00, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCommTimeouts + 1C9 7C8222D9 14 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCommTimeouts + 1D8 7C8222E8 19 Bytes [ 50, FF, 35, 24, 51, 88, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCommTimeouts + 1EC 7C8222FC 19 Bytes [ 45, 8B, 45, 0C, 66, 3B, 45, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeResource + 4 7C8260AE 4 Bytes [ 88, 7C, 28, 51 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeResource + A 7C8260B4 3 Bytes [ A7, 04, 88 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeResource + E 7C8260B8 2 Bytes [ 10, 51 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeResource + 12 7C8260BC 3 Bytes [ A7, 04, 88 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeResource + 16 7C8260C0 2 Bytes [ F8, 50 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileExW + 45 7C827B5F 299 Bytes [ 90, 53, 65, 74, 75, 70, 47, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileExW + 171 7C827C8B 235 Bytes [ 90, 53, 65, 74, 75, 70, 44, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileExW + 25D 7C827D77 97 Bytes [ 90, 53, 65, 74, 75, 70, 44, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileExW + 2BF 7C827DD9 187 Bytes [ 90, 90, 90, 53, 65, 74, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileExW + 37B 7C827E95 137 Bytes [ 90, 90, 90, 53, 65, 74, 75, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileA + 35 7C82870B 17 Bytes [ 00, 89, B5, B4, FD, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileA + 47 7C82871D 44 Bytes [ FF, 53, FF, B5, 98, FD, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileA + 74 7C82874A 10 Bytes [ 0F, 84, D4, 56, 00, 00, 39, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileA + 80 7C828756 6 Bytes [ 75, 52, C7, 85, E0, FC ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CopyFileA + 87 7C82875D 13 Bytes [ FF, 01, 00, 00, 00, 8D, 85, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumUILanguagesW + E 7C82A8D2 54 Bytes [ FF, 76, 58, FF, D3, 83, C4, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumUILanguagesW + 45 7C82A909 30 Bytes [ B5, 78, FD, FF, FF, FF, D7, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumUILanguagesW + 65 7C82A929 13 Bytes [ 8B, 52, 14, 89, 51, 14, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumUILanguagesW + 73 7C82A937 27 Bytes [ 8B, 52, 18, 89, 51, 18, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumUILanguagesW + 8F 7C82A953 96 Bytes [ 8B, 52, 20, 89, 51, 20, 8B, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateNlsSecurityDescriptor + 5D 7C82ACB1 72 Bytes CALL 7C80A791 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateNlsSecurityDescriptor + A6 7C82ACFA 8 Bytes [ 69, 00, 66, 00, 00, 00, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateNlsSecurityDescriptor + AF 7C82AD03 24 Bytes [ FF, 00, 00, 00, 00, 7B, 9B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateNlsSecurityDescriptor + C8 7C82AD1C 36 Bytes [ 64, A1, 18, 00, 00, 00, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateNlsSecurityDescriptor + ED 7C82AD41 21 Bytes JMP 7C819E9D C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenDataFile + 3D 7C82ADBD 9 Bytes [ 00, 8B, 45, C4, 3B, C7, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenDataFile + 47 7C82ADC7 104 Bytes [ 00, 00, 66, 39, 38, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenDataFile + B1 7C82AE31 93 Bytes CALL F0E0AFDE
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenDataFile + 10F 7C82AE8F 25 Bytes [ 89, 43, 28, 5F, 5B, C9, C2, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenDataFile + 12A 7C82AEAA 7 Bytes [ 90, 90, 68, 00, 6F, 00, 74 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryInformationJobObject + 17 7C82AFC8 27 Bytes [ 0F, 85, 67, F3, 00, 00, 50, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryInformationJobObject + 33 7C82AFE4 12 Bytes [ B6, A4, 00, 00, 00, 8D, 46, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryInformationJobObject + 40 7C82AFF1 13 Bytes [ 00, 00, FF, 15, 7C, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryInformationJobObject + 4E 7C82AFFF 112 Bytes [ FF, FF, C7, 45, FC, 01, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForSingleObjectEx + 2 7C82B070 53 Bytes [ FF, 66, 8B, 0B, 66, 83, F9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForSingleObjectEx + 38 7C82B0A6 43 Bytes [ 34, 8B, 7E, 64, 3B, DF, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForSingleObjectEx + 64 7C82B0D2 2 Bytes [ 90, 40 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForSingleObjectEx + 67 7C82B0D5 4 Bytes [ 3B, C7, 72, E3 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForSingleObjectEx + 6C 7C82B0DA 57 Bytes [ E7, 85, D2, 0F, 84, 83, 16, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualLock + 2F 7C82B156 71 Bytes [ 89, 86, AC, 00, 00, 00, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualLock + 77 7C82B19E 88 Bytes [ 00, 00, 00, 2B, C8, 83, 7D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualLock + D0 7C82B1F7 15 Bytes [ 66, 8B, 08, 0F, B7, D2, 4A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualLock + E0 7C82B207 2 Bytes [ B4, 48 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualLock + E4 7C82B20B 30 Bytes [ 66, 83, F9, 22, 0F, 85, 95, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetTimerQueueTimer + 51 7C82B2A7 1 Byte [ 85 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetTimerQueueTimer + 53 7C82B2A9 102 Bytes [ 0F, 8D, 1F, 7E, FE, FF, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetTimerQueueTimer + BA 7C82B310 7 Bytes [ 85, C0, 0F, 84, 50, 3E, 02 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetTimerQueueTimer + C2 7C82B318 171 Bytes [ 56, FF, 15, 8C, 11, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCacheSupport + 4F 7C82B3C4 15 Bytes [ 00, 81, FA, 0D, 10, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCacheSupport + 5F 7C82B3D4 11 Bytes [ 10, 00, 00, 0F, 84, 66, 07, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCacheSupport + 6B 7C82B3E0 68 Bytes [ 10, 00, 00, 0F, 84, 4F, 07, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCacheSupport + B1 7C82B426 19 Bytes [ 66, 89, 81, 20, 03, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCacheSupport + C5 7C82B43A 20 Bytes [ 00, 66, 89, 81, 00, 05, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileEx + 1D 7C82BD10 36 Bytes CALL 7C80A78F C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileEx + 43 7C82BD36 17 Bytes [ 0C, 56, 8B, 75, 10, 6A, 0C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileEx + 55 7C82BD48 41 Bytes [ 00, 01, 00, 89, 85, 68, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileEx + 7F 7C82BD72 9 Bytes CALL 7C80A792 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileEx + 89 7C82BD7C 128 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetHandleInformation + 51 7C82BDFE 106 Bytes [ 5F, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetHandleInformation + BC 7C82BE69 22 Bytes [ 15, 40, 10, 80, 7C, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetHandleInformation + D3 7C82BE80 67 Bytes [ 4D, FC, F6, D8, 5F, 5E, 1B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetHandleInformation + 117 7C82BEC4 32 Bytes [ 8D, 46, 14, 39, 46, 04, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetHandleInformation + 139 7C82BEE6 8 Bytes [ 15, AC, 13, 80, 7C, 64, A1, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!AddRefActCtx + 23 7C82BF1C 168 Bytes [ 15, 84, 13, 80, 7C, 89, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!AddRefActCtx + CC 7C82BFC5 8 Bytes [ A6, 01, 00, 83, FF, 30, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateTimerQueue 7C82BFCE 82 Bytes [ 0F, 85, EB, A6, 01, 00, 53, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!UnregisterWait + 31 7C82C021 21 Bytes [ F3, A5, 8B, C8, 83, E1, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BindIoCompletionCallback + 13 7C82C037 37 Bytes [ 80, 00, 00, EB, D8, C7, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!PulseEvent + 7 7C82C05D 59 Bytes [ 00, EB, B4, 83, 7D, 14, 30, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueueUserAPC + 1F 7C82C099 57 Bytes [ 00, 10, 83, F8, 03, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueueUserAPC + 5A 7C82C0D4 26 Bytes [ 40, 10, 8B, 70, 20, EB, B9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueueUserAPC + 75 7C82C0EF 37 Bytes JMP 7C83299A C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueueUserAPC + 9B 7C82C115 12 Bytes [ 70, 18, FF, 15, 10, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueueUserAPC + A8 7C82C122 92 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DosPathToSessionPathW + C 7C82C1EB 22 Bytes [ FF, 50, 68, 98, A5, 82, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DosPathToSessionPathW + 23 7C82C202 1 Byte [ F4 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DosPathToSessionPathW + 25 7C82C204 50 Bytes [ FF, 8D, 85, DC, FD, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DosPathToSessionPathW + 58 7C82C237 7 Bytes JMP 7C84DACA C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DosPathToSessionPathW + 60 7C82C23F 75 Bytes [ 08, FF, 75, 1C, 57, FF, 75, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetPriorityClass + 24 7C82C354 3 Bytes [ 5C, B3, 01 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetPriorityClass + 28 7C82C358 30 Bytes [ 85, F6, 7E, 0A, 8D, 7A, 10, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetPriorityClass + 47 7C82C377 204 Bytes [ 55, 8B, EC, 83, EC, 24, A1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalGetAtomNameW + 8E 7C82C444 37 Bytes [ 11, 80, 7C, 85, C0, 0F, 8C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalGetAtomNameW + B5 7C82C46B 16 Bytes [ 3B, C3, A3, E0, 57, 88, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalGetAtomNameW + C6 7C82C47C 22 Bytes [ 3D, 02, 01, 00, 00, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalGetAtomNameW + DD 7C82C493 22 Bytes [ 00, 56, 53, 6A, 04, 8D, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalGetAtomNameW + F4 7C82C4AA 12 Bytes CALL 7C831757 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitNamedPipeW + 1D 7C82C679 2 Bytes [ 00, C7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitNamedPipeW + 20 7C82C67C 81 Bytes [ D0, 40, 00, 00, 00, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitNamedPipeW + 72 7C82C6CE 83 Bytes [ 65, 00, 74, 00, 77, 00, 6F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitNamedPipeW + C6 7C82C722 9 Bytes [ 52, 00, 65, 00, 67, 00, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitNamedPipeW + D0 7C82C72C 9 Bytes [ 74, 00, 72, 00, 79, 00, 5C, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CloseProfileUserMapping + 1 7C82C866 3 Bytes [ B7, F4, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CloseProfileUserMapping + 5 7C82C86A 124 Bytes [ 3B, C6, 0F, 8D, 72, C1, FE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetProcessShutdownParameters + 2 7C82C8E7 26 Bytes [ FF, FF, 8D, 85, 7C, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetProcessShutdownParameters + 1E 7C82C903 32 Bytes [ FF, 50, C7, 85, 60, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetProcessShutdownParameters + 40 7C82C925 111 Bytes [ 8B, F0, FF, 15, 3C, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetProcessShutdownParameters + B0 7C82C995 54 Bytes [ 15, 14, 11, 80, 7C, 8B, F8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetProcessShutdownParameters + E7 7C82C9CC 18 Bytes CALL 8D8ADFD0
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenSemaphoreA + 19 7C82CA58 10 Bytes [ 50, FF, 15, 48, 14, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenSemaphoreA + 24 7C82CA63 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenSemaphoreA + 26 7C82CA65 23 Bytes [ 3B, C3, 0F, 8D, F1, E4, FE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenSemaphoreA + 3E 7C82CA7D 138 Bytes [ 28, 66, 83, 26, 00, 8B, 07, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateJobObjectW + D 7C82CB08 88 Bytes [ B7, 06, 8B, 4E, 04, D1, E8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateJobObjectW + 66 7C82CB61 60 Bytes JMP 7C81FEE7 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateJobObjectW + A3 7C82CB9E 170 Bytes [ 75, 14, 85, F6, 89, 45, FC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CancelWaitableTimer + 48 7C82CC49 26 Bytes [ 81, 1F, 00, 00, 8D, 45, E8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CancelWaitableTimer + 63 7C82CC64 24 Bytes CALL E75F4268
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CancelWaitableTimer + 7C 7C82CC7D 9 Bytes [ 15, 3C, 10, 80, 7C, 3B, F3, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMailslotA + 4 7C82CC87 127 Bytes [ 45, E0, F6, 40, 0C, 01, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMailslotW + 33 7C82CD07 78 Bytes [ 75, 14, 8B, 4E, 08, 89, 4D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMailslotW + 82 7C82CD56 198 Bytes [ 15, 9C, 11, 80, 7C, 8B, F0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetMailslotInfo + 4D 7C82CE1D 67 Bytes [ 8B, 41, 10, 8B, 40, 1C, EB, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetMailslotInfo + 91 7C82CE61 7 Bytes [ FF, EB, DE, 89, BD, 24, F8 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetMailslotInfo + 9A 7C82CE6A 5 Bytes [ C6, 85, EA, F8, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetMailslotInfo + A0 7C82CE70 1 Byte [ 01 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetMailslotInfo + A2 7C82CE72 28 Bytes [ FE, 33, 00, 00, 2B, C2, C7, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DnsHostnameToComputerNameW + 32 7C82CEDC 165 Bytes [ 45, 08, 3B, C6, 0F, 85, 4F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindVolumeClose + 2A 7C82CF82 113 Bytes [ 15, AC, 12, 80, 7C, 89, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextVolumeW + 61 7C82CFF4 42 Bytes [ EC, 83, 7D, 08, 00, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextVolumeW + 8C 7C82D01F 65 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextVolumeW + CE 7C82D061 87 Bytes [ 15, A4, 14, 80, 7C, 85, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextVolumeW + 126 7C82D0B9 66 Bytes [ 75, 10, FF, 75, 08, 68, DE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextVolumeW + 169 7C82D0FC 21 Bytes [ D8, AB, AB, AB, 8B, 45, 10, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstVolumeW + 55 7C82D2FC 53 Bytes [ F8, 8B, 4D, F4, 8A, C3, 04, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstVolumeW + 8B 7C82D332 64 Bytes [ 55, 8B, EC, 8B, 45, 0C, 53, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAdjustment + C 7C82D373 75 Bytes [ 50, 6A, 12, FF, 75, 08, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAdjustment + 58 7C82D3BF 72 Bytes [ 75, 0C, FF, 75, 08, 6A, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAdjustment + A1 7C82D408 59 Bytes [ 75, 10, FF, 15, 70, 11, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAdjustment + DD 7C82D444 15 Bytes JMP 7C8341A5 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAdjustment + ED 7C82D454 2 Bytes [ 85, 04 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleTitleW + 10 7C82D9C5 6 Bytes [ 00, 80, E9, 22, 28, FE ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleTitleW + 17 7C82D9CC 19 Bytes [ C7, 45, 0C, F0, FF, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleTitleW + 2B 7C82D9E0 16 Bytes JMP 7C82DB57 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleTitleW + 3C 7C82D9F1 49 Bytes [ 15, 40, 10, 80, 7C, 8D, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleTitleW + 6E 7C82DA23 64 Bytes [ C7, F7, D8, 1B, C0, E9, 24, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFileGather + E 7C82DDAB 8 Bytes [ 70, 18, FF, 15, 10, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFileGather + 17 7C82DDB4 19 Bytes [ F7, 0F, 8C, 1D, 3C, 01, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFileGather + 2B 7C82DDC8 8 Bytes [ C0, EB, D2, 90, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFileGather + 34 7C82DDD1 87 Bytes [ FF, 55, 8B, EC, 83, EC, 10, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFileGather + 8C 7C82DE29 24 Bytes [ 3D, 22, 05, 00, 00, 0F, 84, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileScatter + 4B 7C82DE94 97 Bytes [ FF, 40, 0F, 85, C0, 29, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileScatter + AD 7C82DEF6 87 Bytes [ 00, 00, 3B, C7, 0F, 8C, 91, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileScatter + 105 7C82DF4E 21 Bytes [ 25, 74, 10, 80, 7C, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileScatter + 11B 7C82DF64 10 Bytes [ 75, 08, 8B, 40, 30, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFileScatter + 126 7C82DF6F 28 Bytes [ 15, 10, 10, 80, 7C, 33, C0, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumResourceLanguagesA + 24 7C82E01C 144 Bytes [ 83, 23, 00, 33, C0, 40, 5F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumResourceLanguagesA + B5 7C82E0AD 23 Bytes [ FF, 66, 83, 78, 14, 7B, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumResourceLanguagesA + CD 7C82E0C5 50 Bytes [ FF, 66, 39, 50, 30, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumResourceLanguagesA + 100 7C82E0F8 10 Bytes [ FF, 66, 83, 7D, F8, 3F, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!EnumResourceLanguagesA + 10C 7C82E104 27 Bytes [ 66, 8B, 41, 14, 8B, 5D, FC, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetHandleInformation + B 7C82E18F 58 Bytes [ 66, 83, 78, 0C, 6C, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetHandleInformation + 46 7C82E1CA 41 Bytes [