[3136]CLCapSvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3136]CLCapSvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3136]CLCapSvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3136]CLCapSvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3136]CLCapSvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3152]eDSService.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3152]eDSService.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3152]eDSService.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3152]eDSService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3152]eDSService.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3152]eDSService.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3152]eDSService.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3152]eDSService.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3152]eDSService.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3152]eDSService.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3152]eDSService.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3152]eDSService.exe-->wininet.dll-->InternetConnectA, Type: Inline - RelativeJump 0x75B6DEAE-->00000000 [guard32.dll]
[3152]eDSService.exe-->wininet.dll-->InternetConnectW, Type: Inline - RelativeJump 0x75B6F862-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3260]LSSrvc.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3260]LSSrvc.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3260]LSSrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3260]LSSrvc.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3260]LSSrvc.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3352]svchost.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3352]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3352]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3352]svchost.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3352]svchost.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3352]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3352]svchost.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3372]taskeng.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3372]taskeng.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3372]taskeng.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3372]taskeng.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3372]taskeng.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3372]taskeng.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3372]taskeng.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3372]taskeng.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3372]taskeng.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3372]taskeng.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3372]taskeng.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateProcessAsUserA, Type: Inline - RelativeJump 0x76E048A6-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateProcessAsUserW, Type: Inline - RelativeJump 0x76DBA8F5-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - RelativeJump 0x76E26C71-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C76 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceA, Type: Inline - SEH 0x76E26C77 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - RelativeJump 0x76DE38FF-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3904 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->CreateServiceW, Type: Inline - SEH 0x76DE3905 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - RelativeJump 0x76DBA383-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA388 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceA, Type: Inline - SEH 0x76DBA389 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - RelativeJump 0x76DBFFC3-->00000000 [guard32.dll]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC8 [unknown_code_page]
[3380]RichVideo.exe-->advapi32.dll-->OpenServiceW, Type: Inline - SEH 0x76DBFFC9 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileA, Type: Inline - RelativeJump 0x75891F87-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileExA, Type: Inline - RelativeJump 0x758D1161-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - RelativeJump 0x7584BFA1-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA6 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileExW, Type: Inline - SEH 0x7584BFA7 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->CopyFileW, Type: Inline - RelativeJump 0x75846FAD-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7588CF71-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7588CC4E-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x75841C36-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x75841C01-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->DeleteFileA, Type: Inline - RelativeJump 0x7585C6E4-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->DeleteFileW, Type: Inline - RelativeJump 0x7585C5C8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->GetModuleHandleA, Type: Inline - RelativeJump 0x7588BB4D-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->GetModuleHandleW, Type: Inline - RelativeJump 0x7588B91E-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7588B8B6-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x75869491-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x75869469-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x758630C3-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C8 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - SEH 0x758630C9 [unknown_code_page]
[3380]RichVideo.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7586361F-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->LoadModule, Type: Inline - RelativeJump 0x758D5657-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileA, Type: Inline - RelativeJump 0x758424CD-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileExA, Type: Inline - RelativeJump 0x75890926-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileExW, Type: Inline - RelativeJump 0x75861070-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileW, Type: Inline - RelativeJump 0x7584A672-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileWithProgressA, Type: Inline - RelativeJump 0x75845883-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->MoveFileWithProgressW, Type: Inline - RelativeJump 0x7586104C-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->OpenFile, Type: Inline - RelativeJump 0x75843569-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x75841DD1-->00000000 [guard32.dll]
[3380]RichVideo.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x758D54FF-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->LdrGetProcedureAddress, Type: Inline - RelativeJump 0x770A4F09-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77087933-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7709E89C-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A1 [unknown_code_page]
[3380]RichVideo.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - SEH 0x7709E8A2 [unknown_code_page]
[3380]RichVideo.exe-->ntdll.dll-->NtAllocateVirtualMemory, Type: Inline - RelativeJump 0x770B7D68-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtClose, Type: Inline - RelativeJump 0x770B7F48-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x770B8008-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtCreateProcess, Type: Inline - RelativeJump 0x770B80C8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtCreateProcessEx, Type: Inline - RelativeJump 0x770B80D8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtDeleteFile, Type: Inline - RelativeJump 0x770B83E8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtFreeVirtualMemory, Type: Inline - RelativeJump 0x770B8578-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtLoadDriver, Type: Inline - RelativeJump 0x770B8698-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x770B87E8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x770B8968-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtSetInformationProcess, Type: Inline - RelativeJump 0x770B8F58-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtUnloadDriver, Type: Inline - RelativeJump 0x770B91A8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x770B92A8-->00000000 [guard32.dll]
[3380]RichVideo.exe-->ntdll.dll-->RtlAllocateHeap, Type: Inline - RelativeJump 0x770C58A6-->00000000 [guard32.dll]
[3380]RichVideo.exe-->shell32.dll-->ShellExecuteA, Type: Inline - RelativeJump 0x75E588AD-->00000000 [guard32.dll]
[3380]RichVideo.exe-->shell32.dll-->ShellExecuteEx, Type: Inline - RelativeJump 0x75E58812-->00000000 [guard32.dll]
[3380]RichVideo.exe-->shell32.dll-->ShellExecuteExW, Type: Inline - RelativeJump 0x75CAFFBD-->00000000 [guard32.dll]
[3380]RichVideo.exe-->shell32.dll-->ShellExecuteW, Type: Inline - RelativeJump 0x75C5A2C5-->00000000 [guard32.dll]
[3380]RichVideo.exe-->user32.dll-->EndTask, Type: Inline - RelativeJump 0x757EACCF-->00000000 [guard32.dll]