by strelok31 » November 6th, 2010, 10:15 pm
Part 5
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2540]ccApp.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2540]ccApp.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2540]ccApp.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2540]ccApp.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2540]ccApp.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2540]ccApp.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2540]ccApp.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2540]ccApp.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2540]ccApp.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2540]ccApp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2540]ccApp.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2592]iTunesHelper.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2592]iTunesHelper.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2592]iTunesHelper.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2608]AdobeARM.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2608]AdobeARM.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2608]AdobeARM.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2608]AdobeARM.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2608]AdobeARM.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2688]pctsTray.exe-->kernel32.dll+0x000446E2, Type: Inline - RelativeJump 0x76BC46E2-->00000000 [kernel32.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2688]pctsTray.exe-->shell32.dll-->kernel32.dll-->QueueUserWorkItem, Type: IAT modification 0x080E11B0-->00000000 [pctsTray.exe]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2732]GoogleToolbarNotifier.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [tbdiag.dll]
[2748]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [tbdiag.dll]
[2748]aim6.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77C816A8-->00000000 [tbdiag.dll]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2748]aim6.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2748]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B7111C-->00000000 [tbdiag.dll]
[2748]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B71110-->00000000 [tbdiag.dll]
[2748]aim6.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B71174-->00000000 [tbdiag.dll]
[2748]aim6.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77B710B4-->00000000 [tbdiag.dll]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2748]aim6.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2748]aim6.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x6C941248-->00000000 [tbdiag.dll]
[2748]aim6.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x6C9411F8-->00000000 [tbdiag.dll]
[2748]aim6.exe-->mswsock.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x6C941154-->00000000 [tbdiag.dll]
[2748]aim6.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2748]aim6.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2748]aim6.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2748]aim6.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2748]aim6.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2748]aim6.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2748]aim6.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2748]aim6.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2748]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x080E14DC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x080E1284-->00000000 [tbdiag.dll]
[2748]aim6.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x080E1448-->00000000 [tbdiag.dll]
[2748]aim6.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x080E1210-->00000000 [tbdiag.dll]
[2748]aim6.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2748]aim6.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [tbdiag.dll]
[2748]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [tbdiag.dll]
[2748]aim6.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77D51260-->00000000 [tbdiag.dll]
[2748]aim6.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2748]aim6.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2748]aim6.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71721484-->00000000 [tbdiag.dll]
[2748]aim6.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x71721418-->00000000 [tbdiag.dll]
[2748]aim6.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x717213EC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->wininet.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x71721478-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x4B0D11EC-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x4B0D11F0-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x4B0D1228-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x4B0D1190-->00000000 [tbdiag.dll]
[2748]aim6.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2868]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2868]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2868]taskeng.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2868]taskeng.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2868]taskeng.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2868]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2868]taskeng.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2868]taskeng.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2868]taskeng.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2868]taskeng.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2868]taskeng.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2868]taskeng.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2868]taskeng.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2876]Steam.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2876]Steam.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2876]Steam.exe-->mswsock.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x6C9410B8-->00000000 [unknown_code_page]
[2876]Steam.exe-->mswsock.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x6C94111C-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2876]Steam.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2876]Steam.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2876]Steam.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2876]Steam.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2876]Steam.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2876]Steam.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2876]Steam.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2876]Steam.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2876]Steam.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2876]Steam.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2908]PTIM.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2908]PTIM.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2908]PTIM.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2908]PTIM.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2908]PTIM.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2908]PTIM.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2908]PTIM.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2908]PTIM.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2908]PTIM.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[2960]ptoneclk.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[2960]ptoneclk.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[2960]ptoneclk.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[2960]ptoneclk.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->GetScrollInfo, Type: Inline - RelativeJump 0x772B0804-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->GetWindowLongA, Type: Inline - RelativeJump 0x772B93DA-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->GetWindowLongW, Type: Inline - RelativeJump 0x772BF67F-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->user32.dll-->SetScrollInfo, Type: Inline - RelativeJump 0x772B8663-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetScrollPos, Type: Inline - RelativeJump 0x772D3A1E-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetScrollRange, Type: Inline - RelativeJump 0x772AE173-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x772B0736-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x772B1F35-->00000000 [ptSknMgr.dll]
[2960]ptoneclk.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[2960]ptoneclk.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - DirectJump 0x76BA30C3-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3228]unsecapp.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3228]unsecapp.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3228]unsecapp.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3228]unsecapp.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3228]unsecapp.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3236]dwm.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3236]dwm.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3236]dwm.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3236]dwm.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3236]dwm.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3236]dwm.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3236]dwm.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3236]dwm.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3236]dwm.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3236]dwm.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3236]dwm.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3236]dwm.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3256]wmpnscfg.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3256]wmpnscfg.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3256]wmpnscfg.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3272]taskeng.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77E01078-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtCreateUserProcess, Type: IAT modification 0x77E014F8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77E011D4-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x77E01048-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77E01074-->00000000 [unknown_code_page]
[3272]taskeng.exe-->kernel32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77E014BC-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll+0x0004A2E4, Type: Inline - RelativeCall 0x7718A2E4-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll+0x0004A33C, Type: Inline - RelativeJump 0x7718A33C-->00000000 [ntdll.dll]
[3272]taskeng.exe-->ntdll.dll+0x0004A6D8, Type: Inline - RelativeJump 0x7718A6D8-->00000000 [ntdll.dll]
[3272]taskeng.exe-->ntdll.dll+0x0004B498, Type: Inline - RelativeCall 0x7718B498-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll+0x0004B4F0, Type: Inline - RelativeJump 0x7718B4F0-->00000000 [ntdll.dll]
[3272]taskeng.exe-->ntdll.dll+0x0004B884, Type: Inline - RelativeJump 0x7718B884-->00000000 [ntdll.dll]
[3272]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x77197F48-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x7719800D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtCreateKey, Type: Inline - RelativeJump 0x7719804D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - DirectJump 0x771980C8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - DirectJump 0x771980D8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x771980F8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtCreateUserProcess, Type: Inline - RelativeJump 0x7719943D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x771983ED-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x771983F8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - RelativeJump 0x7719842D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x7719875D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x771987ED-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtOpenKey, Type: Inline - RelativeJump 0x7719881D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtRenameKey, Type: Inline - RelativeJump 0x77198CFD-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - RelativeJump 0x77198F1D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - RelativeJump 0x7719908D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - RelativeJump 0x7719912D-->00000000 [sysfer.dll]
[3272]taskeng.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x77199278-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x77199288-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x771992A8-->00000000 [unknown_code_page]
[3272]taskeng.exe-->shell32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x080E2260-->00000000 [unknown_code_page]
[3272]taskeng.exe-->shell32.dll-->ntdll.dll-->NtSetInformationFile, Type: IAT modification 0x080E2278-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x772D13E2-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x772EA981-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77D510BC-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77D510C4-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77D510C0-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x772AB5F5-->00000000 [unknown_code_page]
[3272]taskeng.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x772B21FE-->00000000 [unknown_code_page]
[3272]taskeng.exe-->ws2_32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x4B0D1284-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77C81150-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtCreateKey, Type: IAT modification 0x77C811E4-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtDeleteValueKey, Type: IAT modification 0x77C81094-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtRenameKey, Type: IAT modification 0x77C81088-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtSetValueKey, Type: IAT modification 0x77C811E0-->00000000 [unknown_code_page]
[3288]explorer.exe-->advapi32.dll-->ntdll.dll-->NtTerminateProcess, Type: IAT modification 0x77C81284-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->LdrLoadDll, Type: IAT modification 0x77E0144C-->00000000 [unknown_code_page]
[3288]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01018-->00000000 [unknown_code_page]