heres the gmer.log part 1
GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2008-11-28 15:13:39
Windows 5.1.2600 Service Pack 3
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\TEMP\mc21.tmp The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\csrss.exe[616] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\csrss.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[616] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\winlogon.exe[644] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection 7C901000 5 Bytes [ 4D, 5A, 90, 00, 03 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection + 7 7C901007 7 Bytes [ 00, 04, 00, 00, 00, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection + F 7C90100F 18 Bytes [ 00, B8, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection + 24 7C901024 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnterCriticalSection + 29 7C901029 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection 7C9010E0 28 Bytes [ 50, 45, 00, 00, 4C, 01, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection + 1D 7C9010FD 8 Bytes [ A0, 07, 00, 00, 3A, 03, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection + 28 7C901108 4 Bytes [ 28, 2C, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection + 2D 7C90110D 1 Byte [ 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLeaveCriticalSection + 30 7C901110 19 Bytes [ 00, 60, 07, 00, 00, 00, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + C 7C901124 1 Byte [ 05 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + E 7C901126 10 Bytes [ 01, 00, 04, 00, 0A, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + 19 7C901131 10 Bytes [ F0, 0A, 00, 00, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + 24 7C90113C 3 Bytes [ 03, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTryEnterCriticalSection + 2A 7C901142 2 Bytes [ 04, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitializeThunk 7C901166 14 Bytes [ 00, 00, 00, 00, 08, 00, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitializeThunk + F 7C901175 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitializeThunk + 2D 7C901193 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + D 7C9011A5 15 Bytes [ 00, 00, 00, 70, F3, 04, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + 1E 7C9011B6 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + 26 7C9011BE 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + 2D 7C9011C5 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextUnsafeFast + 33 7C9011CB 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + F 7C9011EC 6 Bytes [ 00, 04, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 16 7C9011F3 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 22 7C9011FF 8 Bytes [ 60, 2E, 64, 61, 74, 61, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 2C 7C901209 20 Bytes [ 4A, 00, 00, 00, B0, 07, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCurrentTeb 7C90121E 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCurrentTeb + 6 7C901224 15 Bytes [ 40, 00, 00, C0, 2E, 72, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitString + F 7C901234 20 Bytes [ 00, 00, 08, 00, 00, C0, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitString + 25 7C90124A 18 Bytes [ 00, 00, 40, 00, 00, 40, 2E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitAnsiString 7C90125D 11 Bytes [ C0, 0A, 00, 00, 30, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitAnsiString + F 7C90126C 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitAnsiString + 25 7C901282 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitAnsiString + 2C 7C901289 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeString 7C901295 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeString + F 7C9012A4 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeString + 28 7C9012BD 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeString + 2F 7C9012C4 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsin 7C9012D1 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsin + B 7C9012DC 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsin + 10 7C9012E1 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 9 7C9012EE 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 2D 7C901312 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 33 7C901318 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 38 7C90131D 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sin + 43 7C901328 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsqrt + B 7C90138A 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIsqrt + 10 7C90138F 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 9 7C90139C 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 21 7C9013B4 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 25 7C9013B8 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 31 7C9013C4 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sqrt + 37 7C9013CA 2 Bytes [ 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldiv + 19 7C901454 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldiv + 35 7C901470 110 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldiv + A4 7C9014DF 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm 7C9014E5 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm + 1C 7C901501 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm + 38 7C90151D 140 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm + C5 7C9015AA 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alldvrm + D9 7C9015BE 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allmul 7C9015C4 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allmul + 19 7C9015DD 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe 7C9015F8 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe + 2 7C9015FA 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe + 5 7C9015FD 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe + 10 7C901608 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_alloca_probe + 13 7C90160B 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allrem + 18 7C90164D 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allrem + 33 7C901668 123 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allrem + AF 7C9016E4 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_allshl 7C9016E9 167 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aulldvrm 7C901791 134 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aulldvrm + 87 7C901818 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aullrem 7C901826 112 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aullrem + 71 7C901897 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_aullshr 7C90189B 87 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_memccpy + 14 7C9018F5 76 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + F 7C901943 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + 14 7C901948 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + 21 7C901955 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + 41 7C901975 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atan + 47 7C90197B 2 Bytes [ 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + 5 7C9019DC 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + C 7C9019E3 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + 10 7C9019E7 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + 34 7C901A0B 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ceil + 41 7C901A18 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + 5 7C901B1D 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + C 7C901B24 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + 10 7C901B28 48 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + 41 7C901B59 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!floor + 44 7C901B5C 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memchr 7C901C60 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memchr + 19 7C901C79 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memchr + 2B 7C901C8B 68 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memchr + 70 7C901CD0 84 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + 20 7C901D27 86 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + 7A 7C901D81 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + 9C 7C901DA3 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + 9E 7C901DA5 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcmp + A2 7C901DA9 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 20 7C901DD3 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 26 7C901DD9 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 39 7C901DEC 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 43 7C901DF6 83 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memcpy + 97 7C901E4A 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + 7F 7C902174 102 Bytes [ 00, 90, 55, 8B, EC, 56, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + E6 7C9021DB 57 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + 120 7C902215 27 Bytes [ FF, 8B, 44, 24, 04, CC, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + 13E 7C902233 135 Bytes [ 00, 89, 7A, 04, 0B, FF, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memmove + 1C6 7C9022BB 8 Bytes [ 00, 00, 76, 05, B9, FE, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memset + 1B 7C902450 1 Byte [ DA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memset + 1D 7C902452 19 Bytes [ D8, 00, 89, 44, 24, 14, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memset + 31 7C902466 34 Bytes [ 54, 24, 18, F7, D8, F7, DA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!memset + 54 7C902489 9 Bytes [ D8, 8B, 44, 24, 10, F7, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcpy + 6 7C902493 75 Bytes [ 41, 8B, D8, 8B, 4C, 24, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + 42 7C9024DF 5 Bytes [ 5B, 5E, 5F, C2, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + 48 7C9024E5 49 Bytes [ 57, 56, 55, 33, FF, 33, ED, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + 7A 7C902517 30 Bytes [ D8, F7, DA, 83, D8, 00, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + 99 7C902536 19 Bytes [ D8, 8B, 44, 24, 10, F7, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcat + AD 7C90254A 43 Bytes [ 64, 24, 18, 03, D1, EB, 47, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcmp + 7 7C90258A 43 Bytes [ 10, 76, 09, 4E, 2B, 44, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcmp + 33 7C9025B6 24 Bytes [ 07, F7, DA, F7, D8, 83, DA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcmp + 4C 7C9025CF 52 Bytes [ 4C, 24, 0C, 75, 09, 8B, 44, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcmp + 81 7C902604 5 Bytes [ C0, 04, 85, 00, 94 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcspn + 2 7C90260A 30 Bytes [ 00, 50, C3, 51, 8D, 4C, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strcspn + 21 7C902629 35 Bytes [ C4, 85, 01, 8B, E1, 8B, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strlen + 8 7C90264D 78 Bytes [ 89, 44, 24, 10, 89, 54, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strlen + 57 7C90269C 1 Byte [ 44 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strlen + 59 7C90269E 19 Bytes [ 0C, D1, EB, D1, D9, D1, EA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strlen + 6D 7C9026B2 42 Bytes [ 18, 91, F7, 64, 24, 14, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 1D 7C9026DD 47 Bytes [ F7, DA, F7, D8, 83, DA, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 4D 7C90270D 30 Bytes [ 80, F9, 20, 73, 06, 0F, AD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 6C 7C90272C 1 Byte [ 44 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 6E 7C90272E 9 Bytes [ 18, 0B, C0, 75, 18, 8B, 4C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncat + 78 7C902738 34 Bytes [ 44, 24, 10, 33, D2, F7, F1, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncmp + 2 7C9027E7 268 Bytes [ 44, 24, 10, F7, E6, 03, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strncpy + D8 7C9028F5 169 Bytes [ 8B, 44, 24, 0C, 8B, 74, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strspn + 22 7C90299F 36 Bytes [ EB, DD, D8, DB, 2D, 72, B0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strspn + 48 7C9029C5 2 Bytes [ BA, 0F ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strspn + 4D 7C9029CA 67 Bytes [ 8D, 0D, 50, B0, 97, 7C, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!tan + 40 7C902A0E 205 Bytes [ 66, 0F, FA, D0, 66, 0F, D3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushListSList + C 7C902ADC 8 Bytes [ 00, 00, F0, 3F, 33, 04, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushListSList + 16 7C902AE6 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushListSList + 18 7C902AE8 8 Bytes [ 33, 04, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushListSList + 21 7C902AF1 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstEntrySList 7C902AF8 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstEntrySList + 6 7C902AFE 5 Bytes [ 00, 00, FF, 07, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstEntrySList + C 7C902B04 68 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUlonglongByteSwap + 9 7C902B49 30 Bytes [ 54, 05, 50, 1C, 90, 7C, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareMemory + 15 7C902B68 52 Bytes [ CA, 3D, 32, 04, 00, 00, 7F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareMemory + 4A 7C902B9D 16 Bytes CALL 7C971475 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareMemoryUlong + C 7C902BAF 24 Bytes [ 04, 66, 0F, F3, CA, 66, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareMemoryUlong + 26 7C902BC9 61 Bytes [ 7F, B0, 66, 0F, 54, 05, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 34 7C902C07 9 Bytes [ 04, C3, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 3F 7C902C12 39 Bytes [ 00, 00, 00, 00, F0, 3F, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 67 7C902C3A 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 6B 7C902C3E 2 Bytes [ 30, 43 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemory + 6E 7C902C41 23 Bytes [ 00, 00, 00, 00, 00, 00, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemoryUlong + 16 7C902C59 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFillMemoryUlong + 1D 7C902C60 9 Bytes [ 8B, 44, 24, 0C, 53, 85, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroMemory + 6 7C902C6A 1 Byte [ 54 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroMemory + 8 7C902C6C 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroMemory + A 7C902C6E 44 Bytes [ DB, 8A, 5C, 24, 0C, F7, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + 7 7C902C9B 183 Bytes [ FB, C1, E3, 10, 03, DF, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + BF 7C902D53 60 Bytes [ C3, 8B, C8, 83, E0, 03, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + FC 7C902D90 95 Bytes [ 0F, 3A, D1, 75, E7, 48, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + 15C 7C902DF0 109 Bytes [ C7, BA, 03, 00, 00, 00, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMoveMemory + 1CA 7C902E5E 37 Bytes [ 01, 83, C6, 02, 83, C7, 02, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerShiftRight + 1F 7C9031D9 95 Bytes [ 22, 90, 7C, 1C, 22, 90, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertLongToLargeInteger + 3 7C903239 5 Bytes [ 95, 40, 22, 90, 7C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + 1 7C90323F 11 Bytes [ FF, 50, 22, 90, 7C, 58, 22, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + E 7C90324C 2 Bytes [ 78, 22 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + 11 7C90324F 40 Bytes [ 7C, 8B, 45, 08, 5E, 5F, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + 3A 7C903278 38 Bytes [ 8A, 06, 88, 07, 8A, 46, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUlongToLargeInteger + 61 7C90329F 23 Bytes JMP 8072B5A6
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + 52 7C90336C 80 Bytes [ 8C, 23, 90, 7C, 94, 23, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + A3 7C9033BD 10 Bytes [ 44, 8E, 04, 89, 44, 8F, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + AE 7C9033C8 19 Bytes [ 00, 00, 00, 03, F0, 03, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + C2 7C9033DC 27 Bytes [ 90, 90, 90, 90, F0, 23, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureContext + DE 7C9033F8 49 Bytes [ 8A, 46, 03, 88, 47, 03, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtAreMappedFilesTheSame + F 7C90CF6F 20 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCallbackReturn + 4 7C90CF84 98 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCloseObjectAuditAlarm + 7 7C90CFE7 124 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateDirectoryObject + 4 7C90D064 48 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateFile + 5 7C90D095 77 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateMailslotFile + 3 7C90D0E3 27 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateMutant + F 7C90D0FF 117 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateSemaphore + 5 7C90D175 94 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDebugActiveProcess + 4 7C90D1D4 31 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDelayExecution + 4 7C90D1F4 42 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDeleteBootEntry + F 7C90D21F 35 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDeleteObjectAuditAlarm + 3 7C90D243 15 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDeleteValueKey + 3 7C90D253 49 Bytes [ 5A, 77, 51, 75, 65, 72, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtDuplicateObject + 5 7C90D285 33 Bytes [ 5A, 77, 51, 75, 65, 75, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtEnumerateBootEntries + 7 7C90D2A7 27 Bytes [ 5A, 77, 52, 61, 69, 73, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtEnumerateSystemEnvironmentValuesEx + 3 7C90D2C3 17 Bytes [ 5A, 77, 52, 65, 61, 64, 46, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtEnumerateValueKey + 5 7C90D2D5 17 Bytes [ 5A, 77, 52, 65, 61, 64, 52, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtExtendSection + 7 7C90D2E7 125 Bytes [ 5A, 77, 52, 65, 61, 64, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtFreeUserPhysicalPages + 5 7C90D365 45 Bytes [ 5A, 77, 52, 65, 6D, 6F, 76, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtGetContextThread + 3 7C90D393 11 Bytes [ 5A, 77, 52, 65, 70, 6C, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtGetContextThread + F 7C90D39F 47 Bytes [ 5A, 77, 52, 65, 70, 6C, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtGetWriteWatch + F 7C90D3CF 20 Bytes [ 5A, 77, 52, 65, 70, 6C, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtImpersonateClientOfPort + 4 7C90D3E4 58 Bytes [ 5A, 77, 52, 65, 71, 75, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtInitiatePowerAction + F 7C90D41F 35 Bytes [ 5A, 77, 52, 65, 71, 75, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtListenPort + 3 7C90D443 17 Bytes [ 5A, 77, 52, 65, 73, 65, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtLoadDriver + 5 7C90D455 65 Bytes [ 5A, 77, 52, 65, 73, 74, 6F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtLockProductActivationKeys + 7 7C90D497 92 Bytes [ 5A, 77, 53, 61, 76, 65, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtMapUserPhysicalPagesScatter + 4 7C90D4F4 47 Bytes [ 5A, 77, 53, 65, 74, 44, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtNotifyChangeDirectoryFile + 4 7C90D524 13 Bytes [ 5A, 77, 53, 65, 74, 44, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtNotifyChangeKey + 2 7C90D532 4 Bytes [ 63, 61, 6C, 65 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtNotifyChangeKey + 7 7C90D537 45 Bytes [ 5A, 77, 53, 65, 74, 44, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenEvent + 5 7C90D565 28 Bytes [ 5A, 77, 53, 65, 74, 45, 76, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenFile + 2 7C90D582 31 Bytes [ 48, 69, 67, 68, 45, 76, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenJobObject + 2 7C90D5A2 82 Bytes [ 65, 6E, 74, 50, 61, 69, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenProcessToken + 5 7C90D5F5 89 Bytes [ 5A, 77, 53, 65, 74, 49, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenThread + F 7C90D64F 21 Bytes [ 5A, 77, 53, 65, 74, 49, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenThreadTokenEx + 5 7C90D665 225 Bytes [ 5A, 77, 53, 65, 74, 49, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryDefaultUILanguage + 7 7C90D747 63 Bytes [ 5A, 77, 53, 65, 74, 53, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryEvent + 7 7C90D787 31 Bytes [ 5A, 77, 53, 65, 74, 54, 69, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationAtom + 7 7C90D7A7 13 Bytes [ 5A, 77, 53, 65, 74, 55, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationFile + 5 7C90D7B5 13 Bytes [ 5A, 77, 53, 65, 74, 56, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationJobObject + 3 7C90D7C3 43 Bytes [ 5A, 77, 53, 65, 74, 56, 6F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryInformationProcess + F 7C90D7EF 183 Bytes [ 5A, 77, 53, 69, 67, 6E, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryQuotaInformationFile + 7 7C90D8A7 12 Bytes [ 5A, 77, 54, 72, 61, 63, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQuerySection + 4 7C90D8B4 34 Bytes [ 5A, 77, 54, 72, 61, 6E, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQuerySemaphore + 7 7C90D8D7 11 Bytes [ 5A, 77, 55, 6E, 6C, 6F, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQuerySymbolicLinkObject + 3 7C90D8E3 48 Bytes [ 5A, 77, 55, 6E, 6C, 6F, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQuerySystemInformation + 4 7C90D914 98 Bytes [ 5A, 77, 55, 6E, 6D, 61, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryVolumeInformationFile + 7 7C90D977 60 Bytes [ 5A, 77, 57, 61, 69, 74, 46, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReadFile + 4 7C90D9B4 48 Bytes [ 5A, 77, 57, 72, 69, 74, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReadVirtualMemory + 5 7C90D9E5 65 Bytes [ 5A, 77, 57, 72, 69, 74, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtRemoveIoCompletion + 7 7C90DA27 7 Bytes [ 5F, 43, 49, 73, 71, 72, 74 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtRemoveIoCompletion + F 7C90DA2F 55 Bytes [ 5F, 5F, 69, 73, 61, 73, 63, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReplyPort + 7 7C90DA67 7 Bytes [ 5F, 61, 6C, 6C, 6D, 75, 6C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReplyPort + F 7C90DA6F 21 Bytes [ 5F, 61, 6C, 6C, 6F, 63, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReplyWaitReceivePortEx + 5 7C90DA85 15 Bytes [ 5F, 61, 6C, 6C, 73, 68, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReplyWaitReplyPort + 5 7C90DA95 61 Bytes [ 5F, 61, 74, 6F, 69, 36, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtRequestWakeupLatency + 3 7C90DAD3 27 Bytes [ 5F, 66, 74, 6F, 6C, 00, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtResetEvent + F 7C90DAEF 5 Bytes [ 5F, 69, 74, 6F, 77 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtResetWriteWatch + 5 7C90DAF5 46 Bytes [ 5F, 6C, 66, 69, 6E, 64, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtResumeThread + 4 7C90DB24 10 Bytes [ 5F, 73, 6E, 77, 70, 72, 69, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtResumeThread + F 7C90DB2F 19 Bytes [ 5F, 73, 70, 6C, 69, 74, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSaveKeyEx + 3 7C90DB43 16 Bytes [ 5F, 73, 74, 72, 69, 63, 6D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSaveMergedKeys + 4 7C90DB54 26 Bytes [ 5F, 73, 74, 72, 6E, 69, 63, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSecureConnectPort + F 7C90DB6F 51 Bytes [ 5F, 74, 6F, 75, 70, 70, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetDebugFilterState + 3 7C90DBA3 11 Bytes [ 5F, 76, 73, 6E, 77, 70, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetDebugFilterState + F 7C90DBAF 63 Bytes [ 5F, 77, 63, 73, 69, 63, 6D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetEaFile + F 7C90DBEF 4 Bytes [ 61, 74, 6F, 69 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetEvent + 4 7C90DBF4 26 Bytes [ 61, 74, 6F, 6C, 00, 62, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetEventBoostPriority + F 7C90DC0F 5 Bytes [ 66, 6C, 6F, 6F, 72 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetHighEventPair + 5 7C90DC15 15 Bytes [ 69, 73, 61, 6C, 6E, 75, 6D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetHighWaitLowEventPair + 5 7C90DC25 15 Bytes [ 69, 73, 63, 6E, 74, 72, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationDebugObject + 5 7C90DC35 15 Bytes [ 69, 73, 67, 72, 61, 70, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationFile + 5 7C90DC45 15 Bytes [ 69, 73, 70, 72, 69, 6E, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationJobObject + 5 7C90DC55 15 Bytes [ 69, 73, 73, 70, 61, 63, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationKey + 5 7C90DC65 17 Bytes [ 69, 73, 77, 61, 6C, 70, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationObject + 7 7C90DC77 45 Bytes [ 69, 73, 77, 64, 69, 67, 69, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetInformationToken + 5 7C90DCA5 17 Bytes [ 6C, 61, 62, 73, 00, 6C, 6F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetIntervalProfile + 7 7C90DCB7 13 Bytes [ 6D, 65, 6D, 63, 68, 72, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetIoCompletion + 5 7C90DCC5 14 Bytes [ 6D, 65, 6D, 63, 70, 79, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetLdtEntries + 4 7C90DCD4 10 Bytes [ 6D, 65, 6D, 73, 65, 74, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetLdtEntries + F 7C90DCDF 5 Bytes [ 71, 73, 6F, 72, 74 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetLowEventPair + 5 7C90DCE5 30 Bytes [ 73, 69, 6E, 00, 73, 70, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetQuotaInformationFile + 4 7C90DD04 82 Bytes [ 73, 74, 72, 63, 68, 72, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetSystemPowerState + 7 7C90DD57 13 Bytes [ 73, 74, 72, 73, 74, 72, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetSystemTime + 5 7C90DD65 45 Bytes [ 73, 74, 72, 74, 6F, 75, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetTimerResolution + 3 7C90DD93 51 Bytes [ 74, 6F, 77, 75, 70, 70, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSetVolumeInformationFile + 7 7C90DDC7 13 Bytes [ 77, 63, 73, 63, 61, 74, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtShutdownSystem + 5 7C90DDD5 13 Bytes [ 77, 63, 73, 63, 6D, 70, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSignalAndWaitForSingleObject + 3 7C90DDE3 75 Bytes [ 77, 63, 73, 63, 73, 70, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtSuspendThread + F 7C90DE2F 17 Bytes [ 77, 63, 73, 74, 6F, 6D, 62, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateJobObject + 2 7C90DE42 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateJobObject + D 7C90DE4D 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateProcess + 2 7C90DE52 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateProcess + D 7C90DE5D 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateThread + 2 7C90DE62 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTerminateThread + D 7C90DE6D 1 Byte [ 2C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTestAlert + 2 7C90DE72 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTestAlert + C 7C90DE7C 4 Bytes [ C2, 2C, 00, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTraceEvent + 2 7C90DE82 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTraceEvent + D 7C90DE8D 1 Byte [ 40 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTranslateFilePath + 2 7C90DE92 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtTranslateFilePath + D 7C90DE9D 1 Byte [ 2C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadDriver + 2 7C90DEA2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadDriver + D 7C90DEAD 1 Byte [ 40 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadKey + 2 7C90DEB2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadKey + D 7C90DEBD 1 Byte [ 44 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadKeyEx + 2 7C90DEC2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnloadKeyEx + D 7C90DECD 1 Byte [ 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnlockFile + 2 7C90DED2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnlockFile + D 7C90DEDD 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnlockVirtualMemory + 2 7C90DEE2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnlockVirtualMemory + D 7C90DEED 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnmapViewOfSection + 2 7C90DEF2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtUnmapViewOfSection + D 7C90DEFD 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtVdmControl + 2 7C90DF02 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForDebugEvent + 2 7C90DF12 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForDebugEvent + D 7C90DF1D 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForMultipleObjects + 2 7C90DF22 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForMultipleObjects + D 7C90DF2D 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForSingleObject + 2 7C90DF32 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitHighEventPair + 2 7C90DF42 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitHighEventPair + D 7C90DF4D 1 Byte [ 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitLowEventPair + 2 7C90DF52 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitLowEventPair + D 7C90DF5D 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteFile + 2 7C90DF62 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteFile + D 7C90DF6D 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteFileGather + 2 7C90DF72 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteFileGather + D 7C90DF7D 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteRequestData + 2 7C90DF82 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteRequestData + D 7C90DF8D 1 Byte [ 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteVirtualMemory + 2 7C90DF92 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWriteVirtualMemory + D 7C90DF9D 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtYieldExecution + 2 7C90DFA2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtYieldExecution + C 7C90DFAC 4 Bytes [ C2, 08, 00, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateKeyedEvent + 2 7C90DFB2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtCreateKeyedEvent + D 7C90DFBD 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenKeyedEvent + 2 7C90DFC2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtOpenKeyedEvent + D 7C90DFCD 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReleaseKeyedEvent + 2 7C90DFD2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtReleaseKeyedEvent + D 7C90DFDD 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForKeyedEvent + 2 7C90DFE2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtWaitForKeyedEvent + D 7C90DFED 1 Byte [ 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryPortInformationProcess + 2 7C90DFF2 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!NtQueryPortInformationProcess + C 7C90DFFC 3 Bytes [ C2, 08, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!pow + 3 7C90E000 3 Bytes [ B8, 1C, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 2 7C90E004 18 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 15 7C90E017 13 Bytes [ 03, FE, 7F, FF, 12, C2, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 23 7C90E025 33 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 45 7C90E047 2 Bytes [ 03, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIpow + 48 7C90E04A 4 Bytes [ FF, 12, C2, 08 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiUserApcDispatcher 7C90E430 98 Bytes [ B8, 5F, 00, 00, 00, BA, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiUserExceptionDispatcher + 37 7C90E493 11 Bytes [ 00, 00, BA, 00, 03, FE, 7F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiUserExceptionDispatcher + 43 7C90E49F 3 Bytes [ 90, B8, 66 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiUserExceptionDispatcher + 49 7C90E4A5 17 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + F 7C90E4B7 15 Bytes [ 03, FE, 7F, FF, 12, C2, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + 1F 7C90E4C7 7 Bytes [ 03, FE, 7F, FF, 12, C2, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + 27 7C90E4CF 7 Bytes [ 90, B8, 69, 00, 00, 00, BA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + 2F 7C90E4D7 7 Bytes [ 03, FE, 7F, FF, 12, C2, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!KiRaiseUserExceptionDispatcher + 37 7C90E4DF 83 Bytes [ 90, B8, 6A, 00, 00, 00, BA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 2B 7C90E533 3 Bytes [ 00, 00, BA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 2F 7C90E537 7 Bytes [ 03, FE, 7F, FF, 12, C2, 28 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 37 7C90E53F 3 Bytes [ 90, B8, 70 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 3D 7C90E545 13 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseException + 4C 7C90E554 2 Bytes [ 00, BA ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIcos + F 7C90E5D5 49 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 2D 7C90E607 13 Bytes [ 03, FE, 7F, FF, 12, C2, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 3B 7C90E615 41 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 65 7C90E63F 17 Bytes [ 90, B8, 80, 00, 00, 00, BA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 77 7C90E651 1 Byte [ 81 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!cos + 7B 7C90E655 15 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 2 7C90E684 14 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 12 7C90E694 46 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 43 7C90E6C5 15 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 53 7C90E6D5 5 Bytes [ BA, 00, 03, FE, 7F ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_CIlog + 59 7C90E6DB 8 Bytes [ 12, C2, 14, 00, 90, B8, 8A, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strstr + 89 7C90E7E7 27 Bytes [ 03, FE, 7F, FF, 12, C2, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + 16 7C90E803 16 Bytes [ 00, 00, BA, 00, 03, FE, 7F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + 28 7C90E815 19 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + 3C 7C90E829 26 Bytes [ 7F, FF, 12, C2, 08, 00, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + 57 7C90E844 84 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strchr + AC 7C90E899 25 Bytes [ 7F, FF, 12, C2, 08, 00, 90, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 18 7C90EB33 11 Bytes [ 00, 00, BA, 00, 03, FE, 7F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 24 7C90EB3F 5 Bytes [ 90, B8, D0, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 2A 7C90EB45 17 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 3C 7C90EB57 43 Bytes [ 03, FE, 7F, FF, 12, C2, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeString + 68 7C90EB83 43 Bytes [ 00, 00, BA, 00, 03, FE, 7F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 25 7C90ECBF 68 Bytes CALL 3690ECC4
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 6B 7C90ED05 254 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 16B 7C90EE05 30 Bytes [ BA, 00, 03, FE, 7F, FF, 12, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 18A 7C90EE24 31 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeN + 1AA 7C90EE44 15 Bytes [ 00, BA, 00, 03, FE, 7F, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosError + 43 7C90F650 20 Bytes [ B8, 01, 00, 00, 00, 83, 3D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + C 7C90F665 4 Bytes [ 00, 00, 8D, 0D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 11 7C90F66A 144 Bytes CALL 7C90F3EC C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + A2 7C90F6FB 25 Bytes [ 75, 1D, 83, 7C, 24, 08, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + BD 7C90F716 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtStatusToDosErrorNoTeb + BF 7C90F718 13 Bytes CALL 7C90F23D C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 6 7C90FBB8 24 Bytes [ B0, 00, C1, 97, 7C, 4F, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 20 7C90FBD2 13 Bytes [ F6, 03, C6, 66, 8B, 04, 43, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 2E 7C90FBE0 11 Bytes [ 4D, 18, EB, 10, 8B, 35, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 3A 7C90FBEC 28 Bytes [ 04, 30, 66, 89, 01, 41, 41, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRefActivationContext + 57 7C90FC09 62 Bytes [ 00, 00, 2B, 4D, 08, 89, 08, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + 4F 7C90FD01 109 Bytes [ 26, 43, 00, 00, 5F, 5E, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + BD 7C90FD6F 106 Bytes [ 34, 71, 66, 89, 70, 08, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + 128 7C90FDDA 15 Bytes JMP 15051400
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + 138 7C90FDEA 17 Bytes [ 17, 05, 60, 04, F6, 03, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActivationContext + 14A 7C90FDFC 8 Bytes [ 00, 80, E6, 03, 00, 00, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLastWin32Error + 4 7C90FE05 20 Bytes [ 80, 04, 00, 00, 80, EA, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRestoreLastWin32Error + A 7C90FE1A 127 Bytes [ 15, 00, AA, 00, 03, 01, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 25 7C90FE9A 3 Bytes [ E6, 03, E7 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 29 7C90FE9E 20 Bytes JMP D391BFA6
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 3E 7C90FEB3 15 Bytes [ 00, 01, 00, 00, 00, 26, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 4E 7C90FEC3 12 Bytes [ 00, F9, 06, 00, 00, 1B, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitUnicodeStringEx + 5B 7C90FED0 11 Bytes [ 08, 00, 00, 00, E7, 01, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtGlobalFlags + 5 7C90FF00 17 Bytes [ 7A, 00, 00, 00, 06, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 5 7C90FF12 32 Bytes [ 00, 00, 2B, 00, 00, C0, E7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 26 7C90FF33 2 Bytes [ 00, A1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 29 7C90FF36 4 Bytes [ 00, 00, 5D, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 2F 7C90FF3C 6 Bytes [ 5D, 04, 00, 00, 17, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHeap + 36 7C90FF43 27 Bytes [ 00, 17, 00, 00, 00, 08, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 4 7C9100A8 25 Bytes [ EE, 03, 00, 00, 40, 05, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 1E 7C9100C2 21 Bytes [ 00, 00, E7, 01, 00, 00, E7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 34 7C9100D8 6 Bytes [ 41, 05, 00, 00, 42, 05 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 3C 7C9100E0 6 Bytes [ 43, 05, 00, 00, 44, 05 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHeap + 44 7C9100E8 5 Bytes [ 45, 05, 00, 00, 57 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquirePebLock + 5 7C9103F2 12 Bytes [ 00, 00, E7, 04, 00, 00, E6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquirePebLock + 12 7C9103FF 55 Bytes [ 00, 74, 10, 00, 00, 6E, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleasePebLock + 6 7C910437 35 Bytes [ 00, 43, 03, 09, 80, 7D, 17, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 15 7C91045B 4 Bytes [ 00, EC, 04, EC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 1A 7C910460 9 Bytes [ EC, 04, EC, 04, FB, 04, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 24 7C91046A 17 Bytes [ 6B, 00, 10, 80, 6C, 00, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 36 7C91047C 7 Bytes [ 09, 80, 2C, 00, 10, 80, 16 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeAnsiString + 3E 7C910484 29 Bytes [ 09, 80, 2F, 00, 10, 80, F1, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseActivationContext + 13 7C91053A 25 Bytes [ 1B, 07, 1C, 07, 1D, 07, 1E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseActivationContext + 2D 7C910554 66 Bytes [ 06, 00, F1, 06, F2, 06, F3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 38 7C910597 241 Bytes [ 1B, 6E, 1B, 6F, 1B, 70, 1B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 12A 7C910689 79 Bytes [ F0, 81, F9, 00, 00, 00, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 17A 7C9106D9 34 Bytes [ 7C, 3B, D3, 0F, 83, 24, DD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 19D 7C9106FC 27 Bytes [ B7, 04, 75, D8, ED, 90, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncpy + 1B9 7C910718 53 Bytes [ 03, 01, 00, 00, 01, 00, 01, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + 6D 7C9113C7 7 Bytes [ 55, 08, 66, 83, FA, 61, 72 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + 75 7C9113CF 25 Bytes [ 66, 83, FA, 7A, 0F, 87, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + 8F 7C9113E9 90 Bytes [ 90, 90, 90, 90, 6A, 18, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + EC 7C911446 91 Bytes [ 8B, FF, 55, 8B, EC, 57, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteCriticalSection + 148 7C9114A2 32 Bytes [ 00, 00, FF, 75, 08, 8B, 40, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 4E 7C911548 102 Bytes [ 0F, C1, 06, 48, 89, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + B5 7C9115AF 37 Bytes [ BF, 20, B4, 97, 7C, 33, DB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLogStackBackTrace + 21 7C9115D5 2 Bytes [ 17, CC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLogStackBackTrace + 25 7C9115D9 8 Bytes [ 85, C0, 75, D9, 57, E8, 1D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLogStackBackTrace + 2F 7C9115E3 38 Bytes [ F6, 46, 0C, 40, 0F, 84, 16, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + D 7C91160A 20 Bytes CALL 7C90E7F0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + 22 7C91161F 47 Bytes [ FF, FF, 0D, F0, B0, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + 52 7C91164F 3 Bytes [ 86, 58, FC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + 57 7C911654 16 Bytes [ 83, F8, 01, 0F, 86, 4F, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeCriticalSection + 68 7C911665 4 Bytes [ FF, 55, 8B, EC ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + 18 7C911EF5 124 Bytes [ 8B, 4A, 04, 89, 8D, EC, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + 95 7C911F72 76 Bytes [ 84, B1, FC, FF, FF, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + E2 7C911FBF 11 Bytes [ B5, 20, FF, FF, FF, 83, B8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + EE 7C911FCB 5 Bytes [ 0F, 85, E0, 0D, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToTimeFields + F4 7C911FD1 58 Bytes [ 8B, 06, 8B, C8, 89, 8D, 70, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResource_U + 11 7C912778 28 Bytes [ FF, 89, 39, 89, 4F, 04, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessResource + D 7C912795 6 Bytes [ 47, D3, E7, 89, BD, 50 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessResource + 15 7C91279D 17 Bytes [ FF, 8D, BC, 1A, 58, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessResource + 27 7C9127AF 33 Bytes [ 88, 0F, 8B, 4D, 9C, 29, 4B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessResource + 4A 7C9127D2 36 Bytes [ 00, 0F, 83, 23, 9A, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + F 7C9127F7 28 Bytes [ 55, 8B, EC, 51, 51, 53, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + 2C 7C912814 30 Bytes [ 45, F8, 8A, 46, 05, 88, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + 4B 7C912833 4 Bytes [ 87, 00, C0, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + 50 7C912838 39 Bytes [ 8B, D8, 8A, 45, 0F, 89, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadAlternateResourceModule + 78 7C912860 18 Bytes [ 0F, 82, 93, A0, 02, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + 1D 7C9128D4 35 Bytes [ 55, 08, 0F, 85, 46, BF, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + 41 7C9128F8 130 Bytes JMP 5E52F888
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + C4 7C91297B 11 Bytes [ 44, 86, 58, 89, 45, E4, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + D0 7C912987 3 Bytes [ BA, 00, F0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToSection + D4 7C91298B 212 Bytes [ FF, 23, C2, 8B, C8, 2B, CF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToMultiByteN + 16 7C912A83 106 Bytes [ C0, 75, 05, 39, 45, F8, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToMultiByteN + 81 7C912AEE 220 Bytes [ 84, 1D, FB, FF, FF, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToAnsiString + 33 7C912BCB 139 Bytes [ 50, 60, 8B, CF, C1, E9, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLockLoaderLock + 14 7C912C57 128 Bytes [ 2B, 8B, 16, 4A, 3B, FA, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLockLoaderLock + 95 7C912CD8 16 Bytes [ 91, 7C, 83, C0, 10, E9, B0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLockLoaderLock + A6 7C912CE9 26 Bytes [ 01, 8D, 49, 01, 89, 48, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnlockLoaderLock + C 7C912D05 6 Bytes [ 57, 53, E8, CA, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnlockLoaderLock + 13 7C912D0C 44 Bytes [ 89, 45, 94, 39, 45, D8, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnlockLoaderLock + 40 7C912D39 41 Bytes [ 87, BB, FB, FF, FF, 56, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnlockLoaderLock + 6B 7C912D64 314 Bytes [ 0F, B6, C4, 0F, BE, 80, 28, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualUnicodeString + 4 7C912E9F 65 Bytes [ F0, FF, 35, D0, 1E, 91, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualUnicodeString + 46 7C912EE1 15 Bytes [ EC, 51, 53, 56, 57, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualUnicodeString + 56 7C912EF1 62 Bytes CALL 7C912E76 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualUnicodeString + 95 7C912F30 32 Bytes [ F8, 8B, C1, F7, F3, 33, D2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscpy + 11 7C912F51 380 Bytes [ 5B, F7, F3, 85, D2, 0F, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsDosDeviceName_U + 46 7C9130CE 13 Bytes [ 08, 08, 08, 08, 08, 08, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsDosDeviceName_U + 54 7C9130DC 39 Bytes [ 08, 08, 08, 08, 08, 08, 09, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsDosDeviceName_U + 7C 7C913104 70 Bytes [ 0A, 0A, 0A, 0A, 0A, 0A, 0A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySid + 1 7C91314B 26 Bytes [ 4D, 08, 53, 33, D2, 56, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySid + 1C 7C913166 14 Bytes [ 00, 8B, F0, 69, C0, 4F, C5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySid + 2B 7C913175 31 Bytes [ 64, 83, C0, 4B, F7, F7, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSid + 17 7C913195 140 Bytes [ 8B, C1, 2B, C2, 6B, C0, 64, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockHeap + 37 7C913222 98 Bytes [ FF, FF, 89, 45, 88, 85, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnlockHeap + 32 7C913285 16 Bytes CALL 7C911324 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnlockHeap + 43 7C913296 93 Bytes [ 00, 8B, 45, B0, 89, 45, B8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsValidHandle + 37 7C9132F4 37 Bytes [ 75, 11, 0F, B7, 55, B4, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsValidHandle + 5D 7C91331A 5 Bytes [ 00, 00, 89, 45, B8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHandle + 1 7C913320 13 Bytes [ 5D, B4, 0F, B7, C3, 8D, 44, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeHandle + F 7C91332E 128 Bytes [ 90, 0F, 87, 0C, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsValidIndexHandle + 1 7C9133AF 4 Bytes [ 0E, 89, 4D, E4 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsValidIndexHandle + 6 7C9133B4 50 Bytes [ 76, 04, 03, 75, B0, 89, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEncodePointer + 8 7C9133E7 31 Bytes [ C7, 45, CC, 04, 02, 00, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecodePointer + 2 7C913407 12 Bytes [ C2, 14, 00, 83, 7D, 98, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + 2 7C913414 118 Bytes JMP 7C9132CD C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + 79 7C91348B 8 Bytes [ 00, 90, 90, 90, 90, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + 82 7C913494 37 Bytes [ 11, 67, 94, 7C, 24, 67, 94, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + A8 7C9134BA 70 Bytes JMP 7C914509 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUnicodeString + EF 7C913501 94 Bytes [ 8B, 07, 89, 45, BC, 8B, 47, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInformationActiveActivationContext + 6 7C913597 141 Bytes [ 01, 26, 91, 7C, AB, 26, 91, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + 6F 7C913625 3 Bytes [ 98, 2E, 02 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + 74 7C91362A 66 Bytes [ B7, 4D, E0, 89, 4D, E4, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + B7 7C91366D 8 Bytes [ EB, 98, 84, DB, 0F, 84, A6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + C1 7C913677 4 Bytes [ 64, A1, 18, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualString + C7 7C91367D 20 Bytes [ 89, 85, 74, FF, FF, FF, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthRequiredSid + E 7C9136A6 27 Bytes JMP 7C913604 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 2 7C9136C2 77 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 51 7C913711 37 Bytes [ 40, 50, 39, 75, 0C, 0F, 82, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 77 7C913737 20 Bytes CALL 7C91341E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 8D 7C91374D 4 Bytes [ 89, 50, 65, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubAuthorityCountSid + 92 7C913752 6 Bytes [ 25, FF, FF, FF, 7F, 03 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetDaclSecurityDescriptor + 9A 7C913819 25 Bytes [ 89, 9D, 74, F3, FF, FF, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetDaclSecurityDescriptor + B5 7C913834 35 Bytes [ BF, 43, 03, 00, 33, C0, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUserInfoHeap + 16 7C913858 7 Bytes [ C4, 72, 94, 7C, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUserInfoHeap + 1F 7C913861 279 Bytes [ 00, 00, 00, 47, 6E, 94, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownThread + 44 7C91397A 12 Bytes [ 8B, F8, 89, 7D, D4, 85, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownThread + 51 7C913987 82 Bytes [ FF, 77, 0C, FF, 75, 08, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownThread + A4 7C9139DA 148 Bytes [ 38, 8B, 7D, 0C, 85, FF, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownThread + 139 7C913A6F 73 Bytes [ 55, 8B, EC, 53, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckForOrphanedCriticalSections + 26 7C913AB9 4 Bytes [ 0F, 0F, 87, C1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckForOrphanedCriticalSections + 2D 7C913AC0 87 Bytes [ FF, 24, BD, 28, 2A, 91, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckForOrphanedCriticalSections + 85 7C913B18 11 Bytes [ B7, 58, 12, 8A, 1C, 33, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckForOrphanedCriticalSections + 91 7C913B24 171 Bytes [ B7, 58, 0E, 8A, 1C, 33, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + 66 7C913BD0 63 Bytes [ 66, 89, 0E, 0F, 84, C9, 1D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + A6 7C913C10 194 Bytes [ 8B, 46, 04, 8B, 4D, 0C, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + 169 7C913CD3 89 Bytes [ 00, C1, E0, 10, 0B, D8, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + 1C3 7C913D2D 51 Bytes JMP A0D97042
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDetermineDosPathNameType_U + 1F7 7C913D61 84 Bytes [ FF, FF, FF, F3, CA, 93, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosPathNameToNtPathName_U + 6E 7C914343 259 Bytes [ 42, 10, 89, 06, 5F, 89, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixUnicodeString + 5F 7C914447 11 Bytes [ E1, 03, F3, A4, 66, 89, 5A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixUnicodeString + 6B 7C914453 17 Bytes [ 89, 1A, B0, 01, 5F, 5E, 5B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixUnicodeString + 7D 7C914465 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixUnicodeString + 7F 7C914467 133 Bytes [ 00, 89, 85, 5C, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetCurrentDirectory_U + 7 7C9144ED 125 Bytes [ 1C, 64, A1, 18, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetCurrentDirectory_U + 86 7C91456C 106 Bytes [ 83, F8, FC, 74, 11, 83, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryEnvironmentVariable_U + 5E 7C9145D7 80 Bytes [ 8B, 71, 04, 8B, 7A, 04, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryEnvironmentVariable_U + AF 7C914628 152 Bytes [ 00, 0F, BE, 81, 28, 0B, 91, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + 17 7C9146C1 38 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + 3E 7C9146E8 97 Bytes JMP 7C91AE23 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + A0 7C91474A 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + A2 7C91474C 39 Bytes [ 0F, 84, 67, 10, 00, 00, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExpandEnvironmentStrings_U + CB 7C914775 87 Bytes JMP 7C91F939 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + 11 7C9149CA 26 Bytes [ 46, 1C, 89, 45, E0, 85, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + 2C 7C9149E5 117 Bytes [ 00, 00, C7, 45, B0, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + A2 7C914A5B 143 Bytes [ 5E, C3, 80, 3D, DC, B0, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + 132 7C914AEB 65 Bytes [ 00, 89, 5E, 04, 89, 5E, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLongestNtPathLength + 174 7C914B2D 150 Bytes [ 00, C6, 85, D7, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + EF 7C914D24 1 Byte [ 33 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + F1 7C914D26 44 Bytes [ 5F, 5E, 5B, C9, C2, 04, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + 11E 7C914D53 52 Bytes [ 4D, 14, 89, 4D, 94, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + 153 7C914D88 21 Bytes [ 45, 9C, 0F, B7, C9, 8B, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSidToUnicodeString + 16A 7C914D9F 63 Bytes [ 66, 39, 30, 0F, 84, 1B, CA, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyUnicodeString + 14 7C914ECD 121 Bytes [ 89, 7D, A4, 89, 55, C0, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeToString + 2D 7C914F47 36 Bytes [ 75, D8, EB, DE, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeToString + 52 7C914F6C 69 Bytes [ 83, 3A, 2E, 75, 8B, E9, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeStringToString + 23 7C914FB2 35 Bytes [ 84, 59, F7, FF, FF, 66, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeStringToString + 47 7C914FD6 9 Bytes [ 39, 19, 74, 77, 49, 49, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendUnicodeStringToString + 51 7C914FE0 71 Bytes [ 4D, C8, 77, F1, 33, C9, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + 2F 7C915028 30 Bytes [ FF, C3, 66, 39, 59, FE, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + 4E 7C915047 55 Bytes [ 85, B0, FE, FF, FF, E9, 17, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + 86 7C91507F 83 Bytes [ 89, 45, E4, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + DA 7C9150D3 56 Bytes [ 00, 8D, 85, D8, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatCurrentUserKeyPath + 113 7C91510C 75 Bytes CALL 7C9113ED C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 34 7C915207 12 Bytes [ D0, FD, FF, FF, 89, 4E, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 41 7C915214 38 Bytes [ 03, C0, 8B, 95, B0, FD, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 68 7C91523B 18 Bytes [ FF, 66, 83, 24, 71, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 7B 7C91524E 9 Bytes [ FF, 85, DB, 74, 1C, 33, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!bsearch + 85 7C915258 10 Bytes [ 66, 89, 43, 02, 89, 43, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + 54 7C915545 28 Bytes [ 66, 89, 5C, 77, FE, 4E, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + 71 7C915562 17 Bytes [ 90, 90, 90, 90, 90, 90, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + 83 7C915574 41 Bytes [ 90, 90, 90, 90, 90, 6A, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + AD 7C91559E 12 Bytes [ 89, 7D, FC, 8B, 75, 08, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionString + BB 7C9155AC 30 Bytes CALL 7C9113ED C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + 53 7C915690 91 Bytes [ 39, 08, 75, F5, 66, 8B, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + AF 7C9156EC 4 Bytes [ 86, 90, 57, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + B4 7C9156F1 100 Bytes [ 8B, 4D, FC, 66, 8B, 06, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + 13D 7C91577A 246 Bytes [ 63, FF, FF, FF, 66, 3B, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlHashUnicodeString + 234 7C915871 12 Bytes [ 45, C6, EB, 13, 66, 83, F8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + F0 7C915A6B 11 Bytes [ FF, C7, 45, CC, 8A, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + FD 7C915A78 5 Bytes [ 6A, 05, E9, 2F, F1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 103 7C915A7E 66 Bytes [ FF, C7, 45, CC, 8B, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 146 7C915AC1 366 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 2B5 7C915C30 22 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + 2D 7C915D6E 35 Bytes [ 89, 8D, F4, FD, FF, FF, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + 51 7C915D92 50 Bytes [ 33, C0, 5B, 5F, 8B, 4D, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + 84 7C915DC5 44 Bytes CALL 2B156CCA
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + B1 7C915DF2 50 Bytes [ 5D, 94, 8D, 75, E0, 66, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindCharInUnicodeString + E5 7C915E26 1 Byte [ 10 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + 1 7C915E4B 92 Bytes [ CB, 83, E1, 03, F3, A4, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + 5E 7C915EA8 11 Bytes [ 41, 00, 42, 00, 43, 00, 44, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + 6A 7C915EB4 2 Bytes [ 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + 6D 7C915EB7 51 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateUnicodeString + A1 7C915EEB 37 Bytes JMP 7F1AC4F2
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + DC 7C91647F 29 Bytes [ 83, 7E, 10, 03, 0F, 86, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + FA 7C91649D 11 Bytes [ 85, C0, 0F, 84, 9B, FD, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + 106 7C9164A9 55 Bytes [ 75, 08, FF, 55, 18, F7, D8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + 13E 7C9164E1 28 Bytes [ 46, 10, 01, 00, 00, 00, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrLoadDll + 15D 7C916500 40 Bytes [ 8B, 48, 30, 33, DB, 39, 99, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 1C 7C9166BD 23 Bytes [ 5F, 5E, C9, C2, 10, 00, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 34 7C9166D5 21 Bytes [ 14, 85, FF, 74, 03, 83, 27, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 4A 7C9166EB 12 Bytes [ 0F, 82, 73, 0A, 00, 00, F7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 57 7C9166F8 10 Bytes [ 0F, 85, 66, 0A, 00, 00, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetDllHandleEx + 63 7C916704 3 Bytes [ 5C, 0A, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 7A 7C91696F 78 Bytes [ C7, 5F, 5B, C9, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + C9 7C9169BE 13 Bytes [ FF, 8B, 45, 20, 3B, C3, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + D7 7C9169CC 23 Bytes [ B5, CC, FE, FF, FF, 89, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + EF 7C9169E4 19 Bytes [ 66, 89, 9D, EE, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 103 7C9169F8 2 Bytes [ 66, C7 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 43 7C91701C 19 Bytes CALL 7C917FD7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 57 7C917030 21 Bytes [ 3D, 14, 02, 00, 00, 0F, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 6D 7C917046 26 Bytes [ 89, 1C, 41, 66, 89, B5, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + 88 7C917061 69 Bytes [ 0F, 85, 67, 12, 00, 00, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_U + CE 7C9170A7 8 Bytes [ 00, 0F, 84, FA, D1, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 5 7C917370 26 Bytes [ 00, 39, 9D, C4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 20 7C91738B 64 Bytes [ FD, FF, FF, 8B, 4D, E4, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 61 7C9173CC 7 Bytes [ 8B, 45, 10, 89, 85, D8, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 69 7C9173D4 35 Bytes [ FF, 8B, 45, 14, 89, 85, B8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadDll + 8D 7C9173F8 5 Bytes [ 89, 9D, BC, FD, FF ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + 2 7C91765F 160 Bytes [ FF, 66, FF, 40, 38, 6A, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + A3 7C917700 7 Bytes [ 3B, F7, 0F, 84, AE, 64, 02 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + AB 7C917708 15 Bytes [ F6, C2, 02, 0F, 85, AA, 64, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + BB 7C917718 46 Bytes [ 00, 66, 89, 7D, BC, 66, C7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContextEx + EA 7C917747 17 Bytes [ FF, 89, 45, DC, 3B, C7, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContext + 8E 7C917871 55 Bytes [ A3, 24, B2, 97, 7C, 83, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContext + C6 7C9178A9 17 Bytes CALL 7C9178BE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlActivateActivationContext + DB 7C9178BE 11 Bytes [ 80, 7D, E7, 00, 75, 20, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContext + B 7C9178CA 88 Bytes CALL 7C913C42 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeactivateActivationContext + 64 7C917923 128 Bytes [ 0F, 87, 16, 55, 02, 00, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + 1C 7C9179A4 147 Bytes [ 3D, 25, 02, 00, C0, 0F, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + B0 7C917A38 21 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + C6 7C917A4E 18 Bytes [ 83, A5, EC, FD, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + D9 7C917A61 22 Bytes [ 8D, 8D, EC, FD, FF, FF, 51, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareUnicodeString + F1 7C917A79 30 Bytes CALL 7C917A8F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + 1F 7C917EA7 42 Bytes [ 00, 00, 00, 8B, 40, 30, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + 4A 7C917ED2 103 Bytes [ 66, 8B, 40, 04, 66, 83, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + B2 7C917F3A 59 Bytes [ C2, 0F, 85, 2D, 1E, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + EE 7C917F76 161 Bytes [ 75, 1C, 8D, 45, E0, 50, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrGetProcedureAddress + 190 7C918018 80 Bytes [ 89, 55, FC, 53, 8B, 5D, 08, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wcsnicmp + 3D 7C91820A 63 Bytes [ FF, 8B, F0, FF, B5, B4, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualSid + 1E 7C91824A 60 Bytes CALL 7C90E500 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + 12 7C918287 37 Bytes [ 78, 0C, 83, C7, 0C, 8B, 07, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + 38 7C9182AD 52 Bytes [ FF, 39, 5E, 08, 74, E1, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + 6D 7C9182E2 16 Bytes JMP 7C918115 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + 7E 7C9182F3 62 Bytes [ 84, C0, 0F, 84, E2, E2, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeSid + BD 7C918332 20 Bytes [ 8B, 7D, F8, 8B, 07, 8B, 57, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 37 7C9184F2 26 Bytes [ 49, 04, 89, 4D, B8, 89, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 52 7C91850D 37 Bytes [ 90, 8B, 0D, 2C, B2, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 78 7C918533 10 Bytes [ FF, 00, 00, 00, 00, BC, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 84 7C91853F 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!swprintf + 87 7C918542 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidAcl + 63 7C918610 8 Bytes [ 00, 80, 4E, 35, 20, E9, 6F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidAcl + 6C 7C918619 9 Bytes [ FF, 48, 0F, 85, 2D, 85, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidAcl + 76 7C918623 8 Bytes [ 4F, 38, C7, 45, C8, 32, 76, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidAcl + 7F 7C91862C 46 Bytes JMP 7C917E23 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSecurityDescriptor + 2C 7C91865D 81 Bytes [ 8B, FF, 55, 8B, EC, 51, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetDaclSecurityDescriptor + 50 7C9186AF 1 Byte [ 85 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetDaclSecurityDescriptor + 52 7C9186B1 23 Bytes [ 7C, 7C, F6, 45, 08, 01, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + F 7C9186C9 50 Bytes [ C0, 39, 05, D0, B1, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + 42 7C9186FC 15 Bytes [ AC, 01, 00, 00, 8B, 43, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + 52 7C91870C 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + 54 7C91870E 101 Bytes [ D1, C1, E0, 10, 81, E2, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFirstFreeAce + BA 7C918774 39 Bytes [ 85, F2, CC, FF, FF, 64, A1, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAcl + 4B 7C918814 17 Bytes [ 5D, C2, 0C, 00, B8, 0D, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessAllowedAce + B 7C918826 14 Bytes [ 55, 8B, EC, 57, 64, A1, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessAllowedAce + 1A 7C918835 82 Bytes [ 74, 7A, F6, 47, 08, 04, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateAndInitializeSid + 1D 7C918888 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateAndInitializeSid + 20 7C91888B 52 Bytes [ 00, 83, 79, 04, 00, 75, 1E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateAndInitializeSid + 55 7C9188C0 340 Bytes [ FF, 55, 8B, EC, 83, EC, 54, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetGroupSecurityDescriptor + 3 7C918A15 37 Bytes [ 0C, 75, 0D, 3B, 75, FC, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetGroupSecurityDescriptor + 29 7C918A3B 1 Byte [ 45 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetGroupSecurityDescriptor + 2B 7C918A3D 8 Bytes [ 66, 83, FF, 61, 73, 1B, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetGroupSecurityDescriptor + 34 7C918A46 132 Bytes [ 89, 45, 10, 66, 8B, 7D, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOpenCurrentUser + 13 7C918ACC 85 Bytes [ 8B, 75, F4, 8D, 46, FF, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncat 7C918B24 5 Bytes [ 90, 90, 8B, FF, 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncat + 6 7C918B2A 2 Bytes [ EC, 53 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncat + 9 7C918B2D 69 Bytes [ 5D, 14, 85, DB, 0F, 84, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncat + 4F 7C918B73 50 Bytes [ 02, 0F, 85, 78, 78, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeHandleTable + 2C 7C918BA6 24 Bytes [ 4D, EE, 8B, 40, 04, 03, C6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeHandleTable + 45 7C918BBF 206 Bytes [ 85, 55, DC, FF, FF, 8B, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + 9D 7C918C8E 50 Bytes [ CE, 8B, 7D, 14, 89, 0F, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + D1 7C918CC2 20 Bytes [ A1, C8, B0, 97, 7C, 89, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + E6 7C918CD7 90 Bytes [ 45, 80, 80, 3D, C1, B1, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + 141 7C918D32 19 Bytes [ 89, 5D, 8C, 83, 65, A0, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDosSearchPath_Ustr + 155 7C918D46 85 Bytes [ 00, 00, 89, 7D, FC, 8D, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAllocateHandle + 38 7C9193AC 152 Bytes [ 8B, EC, 56, 8B, 75, 0C, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + 7D 7C919446 14 Bytes JMP 7C91C74F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + 8C 7C919455 1 Byte [ 8B ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + 8E 7C919457 19 Bytes [ D4, FB, FF, FF, 0F, B7, CB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + A2 7C91946B 51 Bytes JMP 7C91CA9D C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserValueHeap + D6 7C91949F 1 Byte [ 83 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + C 7C919657 11 Bytes [ C0, EB, F5, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + 18 7C919663 28 Bytes [ EC, 8B, 45, 08, 80, 38, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + 35 7C919680 36 Bytes [ 0F, 84, FD, D4, 01, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + 5A 7C9196A5 15 Bytes [ 66, 89, 48, 02, 0F, 84, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetVersion + 6A 7C9196B5 51 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtProductType + 32 7C91976A 95 Bytes [ 00, 00, 00, 0F, 84, 69, 71, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtProductType + 92 7C9197CA 125 Bytes [ FF, 55, 8B, EC, 8B, 4D, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtProductType + 111 7C919849 7 Bytes [ FF, 75, 08, 8B, 40, 30, 6A ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtProductType + 119 7C919851 71 Bytes CALL 7C910F0A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strnicmp + 1C 7C919899 227 Bytes [ 3E, 8A, 4D, 0C, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrUnloadAlternateResourceModule + 4C 7C91997D 66 Bytes [ 39, 45, DC, 72, 0E, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 8 7C9199C0 11 Bytes JMP 90909090
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 14 7C9199CC 58 Bytes [ EC, 8B, 45, 08, 80, 38, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 4F 7C919A07 22 Bytes [ 33, C0, 5D, C2, 0C, 00, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 66 7C919A1E 4 Bytes [ 85, 03, F5, 02 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDoesFileExists_U + 6B 7C919A23 31 Bytes [ 66, 8B, 48, 02, 84, ED, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPushFrame + 1B 7C919AFB 120 Bytes CALL 7C90E5AF C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPushFrame + 95 7C919B75 56 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 2F 7C919BAF 37 Bytes [ 90, 00, 00, 83, F8, 65, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 56 7C919BD6 20 Bytes [ CE, 89, 4D, 14, 3B, C3, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 6B 7C919BEB 15 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 7B 7C919BFB 4 Bytes [ 00, A1, C8, B0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReAllocateHeap + 80 7C919C00 14 Bytes [ 7C, 8B, 4D, 28, 89, 45, FC, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + 10 7C91AB29 111 Bytes [ 40, 20, 85, C0, 75, 05, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + 80 7C91AB99 64 Bytes [ 33, DB, 89, 5D, 8C, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + C2 7C91ABDB 50 Bytes [ FF, 7F, 0F, 87, C9, 22, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + F5 7C91AC0E 89 Bytes [ FF, F6, 46, FD, 02, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeFieldsToTime + 14F 7C91AC68 18 Bytes [ 83, 07, 23, 03, 00, 0F, B6, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + B 7C91ACF3 74 Bytes [ 8B, D8, 89, 9D, 5C, FE, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + 56 7C91AD3E 27 Bytes [ 0F, 85, 65, A7, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + 72 7C91AD5A 8 Bytes [ 8C, 89, 5D, 10, 83, 7D, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + 7B 7C91AD63 4 Bytes [ 84, 1C, 3B, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIntegerToChar + 80 7C91AD68 11 Bytes [ 83, 65, FC, 00, 83, 4D, FC, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + 30 7C91AEA1 4 Bytes [ 85, 96, 22, 03 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + 36 7C91AEA7 124 Bytes [ 4D, D4, 8D, 3C, CE, 89, BD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + B4 7C91AF25 236 Bytes [ 8B, 85, 2C, FF, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + 1A2 7C91B013 40 Bytes [ 0F, B7, 0E, 03, C8, 3B, CA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToInteger + 1CB 7C91B03C 39 Bytes [ 3B, C8, 0F, 85, 21, 38, 01, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + 43 7C91B0CD 10 Bytes [ 0F, 83, 78, 19, 03, 00, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + 4E 7C91B0D8 25 Bytes [ 45, 18, 8D, 34, 1A, 66, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + 68 7C91B0F2 88 Bytes [ 8B, 4D, F8, 8D, 0C, CE, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + C1 7C91B14B 38 Bytes [ 03, 8D, 84, 38, 58, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrNewThread + E8 7C91B172 45 Bytes CALL 7C911698 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + 1 7C91B1A0 2 Bytes [ 45, 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + 4 7C91B1A3 82 Bytes JMP 81DCE3AC
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + 57 7C91B1F6 13 Bytes [ 53, 8B, 5D, 0C, 8D, 43, 30, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + 66 7C91B205 92 Bytes [ F8, 0F, 84, 05, 02, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpWaitForCriticalSection + C3 7C91B262 16 Bytes [ 00, 04, 00, F7, D8, 1B, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + C 7C91B273 76 Bytes [ 00, 00, 57, 6A, 00, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + 59 7C91B2C0 23 Bytes [ 00, 80, 67, 05, EF, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + 71 7C91B2D8 13 Bytes [ C6, 40, 05, 10, 89, 43, 38, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + 7F 7C91B2E6 54 Bytes JMP 81D2A8EE
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpUnWaitCriticalSection + B6 7C91B31D 10 Bytes [ F0, 02, FE, 7F, 02, 0F, 85, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + 58 7C91BC22 10 Bytes [ C3, F7, F6, 8B, 75, EC, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + 63 7C91BC2D 46 Bytes [ C3, 69, C0, 6D, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + 92 7C91BC5C 20 Bytes [ D2, 0F, 84, 7C, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + A7 7C91BC71 12 Bytes [ BF, 80, C0, 21, 91, 7C, 6B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snwprintf + B4 7C91BC7E 14 Bytes [ 75, 0C, 6B, C9, 3C, 03, 4D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 77 7C91C2C4 17 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 89 7C91C2D6 1 Byte [ 03 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 8B 7C91C2D8 1 Byte [ 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 8D 7C91C2DA 8 Bytes [ 8D, 45, FC, 50, E8, 8D, 1D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceDirectory_U + 96 7C91C2E3 43 Bytes [ 85, C0, 8B, 45, 08, 8D, 50, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 11 7C91C5BC 42 Bytes [ FF, B8, A3, 00, 00, 00, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 3C 7C91C5E7 14 Bytes [ 89, 85, F4, FB, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 4B 7C91C5F6 14 Bytes [ 0F, BE, C3, 50, 8D, 85, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 5A 7C91C605 40 Bytes [ FF, FF, 50, 89, 8D, A0, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetActiveActivationContext + 83 7C91C62E 3 Bytes [ 85, FC, FB ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + 1C 7C91CC9F 28 Bytes [ 0F, 84, E3, 06, 00, 00, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + 39 7C91CCBC 4 Bytes [ 68, 16, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + 3E 7C91CCC1 171 Bytes [ F8, 3B, FB, 0F, 8C, 6D, 49, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + EA 7C91CD6D 22 Bytes [ 00, 38, 5D, 18, 0F, 85, 47, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryImageFileExecutionOptions + 101 7C91CD84 5 Bytes [ 89, 46, 28, 66, 89 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 135 7C91D5F2 8 Bytes [ 45, C4, 50, FF, 75, 18, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 13E 7C91D5FB 105 Bytes CALL 7C91D672 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 1A8 7C91D665 2 Bytes [ A4, 38 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 1AC 7C91D669 5 Bytes JMP 7C91CCD7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendPathElement + 1B3 7C91D670 205 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 63 7C91D73E 17 Bytes CALL 7C917FD7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 75 7C91D750 202 Bytes [ B9, FE, FF, 00, 00, 3B, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 140 7C91D81B 238 Bytes [ EC, 10, 53, 56, 8B, 75, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 22F 7C91D90A 12 Bytes [ 83, 7D, B4, 00, 66, 8B, 0E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrDisableThreadCalloutsForDll + 23C 7C91D917 13 Bytes [ 66, 85, FF, 77, B9, EB, CA, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpEnsureBufferSize + 8 7C91E26F 5 Bytes CALL 7C91E281 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpEnsureBufferSize + E 7C91E275 12 Bytes [ C0, 7D, D3, 5D, C2, 10, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpEnsureBufferSize + 1B 7C91E282 108 Bytes [ FF, 55, 8B, EC, 51, 51, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpEnsureBufferSize + 88 7C91E2EF 55 Bytes [ 6A, 00, 57, 53, FF, 75, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplaying + 34 7C91E328 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRealSuccessor + 1 7C91E32C 4 Bytes [ EC, 83, EC, 3C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRealSuccessor + 6 7C91E331 71 Bytes [ 45, 14, 33, C9, 3B, C1, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsGenericTableEmpty + D 7C91E379 26 Bytes [ 84, 2F, 03, 00, 00, 3B, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsGenericTableEmpty + 28 7C91E394 86 Bytes [ 3E, FE, FF, 64, A1, 18, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageBuffer + 3C 7C91E3EB 3 Bytes [ EC, 8D, 44 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageBuffer + 40 7C91E3EF 122 Bytes [ 02, 3D, FE, FF, 00, 00, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + 5B 7C91E46A 9 Bytes [ FF, 8B, F8, 85, FF, 0F, 8C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + 65 7C91E474 57 Bytes [ 00, 8B, 45, EC, 8D, 48, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + 9F 7C91E4AE 47 Bytes [ 90, 90, 02, 00, 04, 00, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + D0 7C91E4DF 6 Bytes [ FF, 89, 45, FC, A1, 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsncmp + D7 7C91E4E6 45 Bytes [ 92, 7C, 89, 45, D4, 89, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + A 7C91E798 28 Bytes [ 6A, 00, FF, 70, 04, FF, B5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + 27 7C91E7B5 2 Bytes [ B5, EA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + 2B 7C91E7B9 33 Bytes [ FF, 36, FF, B5, EC, FD, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + 4D 7C91E7DB 14 Bytes [ 8B, 40, 0C, 8B, 50, 20, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentDirectory_U + 5C 7C91E7EA 50 Bytes [ 51, 04, 89, 0A, 89, 48, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 24 7C91EA7F 23 Bytes [ 55, 14, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 3C 7C91EA97 1 Byte [ 4D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 3E 7C91EA99 4 Bytes [ 8B, C8, 81, E1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 43 7C91EA9E 50 Bytes [ 0F, 00, 00, 03, 4D, 08, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vDbgPrintExWithPrefix + 77 7C91EAD2 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgPrintEx + 1 7C91EAD6 140 Bytes [ EC, 83, EC, 10, 53, 56, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateCaptureBuffer + B 7C91EB63 86 Bytes [ 45, FC, 39, 45, FC, 72, 9B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 1 7C91EBBA 4 Bytes [ 09, 8B, 7A, 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 6 7C91EBBF 21 Bytes [ 5A, 20, 03, DF, 89, 5D, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 1C 7C91EBD5 2 Bytes [ 7A, 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 1F 7C91EBD8 4 Bytes [ 5D, 94, 3B, DF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrAllocateMessagePointer + 25 7C91EBDE 20 Bytes [ 72, FC, FF, FF, 8B, 7A, 18, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 3 7C91FE08 32 Bytes [ 3D, FE, FF, 00, 00, 0F, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 24 7C91FE29 10 Bytes [ 07, 51, 0F, B7, 0E, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 2F 7C91FE34 10 Bytes [ 46, 04, 8D, 04, 48, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 3A 7C91FE3F 41 Bytes [ 66, 8B, 45, C4, 33, C9, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindCreateProcessManifest + 64 7C91FE69 54 Bytes [ 04, 0F, 85, 56, 73, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + 41 7C9201E4 63 Bytes [ 0F, 84, F5, 5D, 02, 00, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + 81 7C920224 45 Bytes [ FF, 89, 85, 8C, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + AF 7C920252 28 Bytes [ 39, 9D, 88, FB, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + CC 7C92026F 62 Bytes [ 90, 53, 58, 53, 3A, 20, 41, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrCreateOutOfProcessImage + 10C 7C9202AF 129 Bytes [ 00, 53, 58, 53, 3A, 20, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + 2 7C920331 12 Bytes [ FF, 3B, FB, 0F, 85, DC, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + F 7C92033E 22 Bytes CALL 7C92036F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + 26 7C920355 16 Bytes [ 3B, C3, 0F, 85, EE, 70, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + 39 7C920368 2 Bytes [ 28, 68 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseMemoryStream + 3D 7C92036C 88 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!qsort + D 7C9203C5 30 Bytes [ 4F, 24, 89, 08, 33, D2, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!qsort + 2C 7C9203E4 75 Bytes CALL 7C910BB1 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!qsort + 78 7C920430 215 Bytes [ 89, 85, D4, FD, FF, FF, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpApplyLengthFunction + 52 7C920508 14 Bytes [ 85, E4, FD, FF, FF, 89, 13, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpApplyLengthFunction + 61 7C920517 8 Bytes [ 8B, 8D, DC, FD, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReadOutOfProcessMemoryStream + 1 7C920520 8 Bytes [ 85, D4, FD, FF, FF, 3B, C6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReadOutOfProcessMemoryStream + B 7C92052A 28 Bytes [ 8D, E4, FD, FF, FF, 89, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReadOutOfProcessMemoryStream + 28 7C920547 11 Bytes [ 0F, 85, 60, 58, 02, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReadOutOfProcessMemoryStream + 34 7C920553 135 Bytes CALL 7C910E55 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInterfaceMemoryStream + 3E 7C9205DB 40 Bytes [ 00, 8B, 45, 0C, 83, F8, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInterfaceMemoryStream + 69 7C920606 27 Bytes [ 39, 7E, 04, 0F, 84, B0, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryInterfaceMemoryStream + 85 7C920622 31 Bytes [ 0F, 87, 36, 50, 02, 00, 64, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageMultiUnicodeStringsInPlace + 15 7C920642 17 Bytes [ D8, 3B, DF, 0F, 84, 1D, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageMultiUnicodeStringsInPlace + 27 7C920654 62 Bytes [ 8D, 7B, 10, 89, 7B, 08, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageMultiUnicodeStringsInPlace + 66 7C920693 43 Bytes [ 8B, 45, 08, 8B, 40, 08, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageMultiUnicodeStringsInPlace + 92 7C9206BF 64 Bytes [ 3B, F7, 0F, 85, AB, 4F, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageString + 12 7C920700 33 Bytes [ 45, 08, 48, 56, 8B, 75, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageString + 34 7C920722 26 Bytes [ 8B, 43, 04, 83, C4, 10, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageString + 50 7C92073E 21 Bytes [ 50, 38, 8D, 42, 10, 3D, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureMessageString + 66 7C920754 107 Bytes [ 0F, B7, 4B, 0E, 3B, C1, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + 67 7C9207C0 81 Bytes CALL 7C91A9B8 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + B9 7C920812 49 Bytes [ 20, 23, 25, 49, 75, 0A, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + EB 7C920844 223 Bytes [ C4, 14, 8D, 85, D4, FB, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + 1CC 7C920925 39 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutLastFullDosOrNtPathElement + 1F4 7C92094D 31 Bytes [ 45, 10, 89, 85, DC, FD, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessOutOfProcessResource + 2 7C92099A 44 Bytes [ FF, 89, BD, E4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAccessOutOfProcessResource + 2F 7C9209C7 12 Bytes [ FF, 0F, 84, C4, 4F, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitOutOfProcessMemoryStream + 2 7C9209D4 163 Bytes [ 0F, 84, B8, 4F, 02, 00, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStatMemoryStream + 43 7C920A78 76 Bytes [ BD, E4, FD, FF, FF, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 10 7C920AC5 7 Bytes [ 50, 57, 8D, 85, D4, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 18 7C920ACD 18 Bytes [ 50, FF, B5, F0, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 2B 7C920AE0 79 Bytes [ 84, C0, 0F, 84, 9E, 4D, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 7B 7C920B30 6 Bytes [ 85, 9C, FD, FF, FF, 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateActivationContext + 83 7C920B38 21 Bytes [ 00, C7, 85, A8, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFinalReleaseOutOfProcessMemoryStream + 6F 7C920E8D 17 Bytes [ 0F, 85, DF, 69, 02, 00, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFinalReleaseOutOfProcessMemoryStream + 82 7C920EA0 73 Bytes [ 83, 7D, 14, 03, 0F, 85, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSplay + 32 7C920EEA 91 Bytes [ FF, 89, B5, B8, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + 2B 7C920F46 23 Bytes [ 89, B5, 9C, FE, FF, FF, C7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + 43 7C920F5E 5 Bytes [ FF, B8, 00, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + 49 7C920F64 80 Bytes [ 89, 85, 80, FE, FF, FF, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + 9A 7C920FB5 66 Bytes [ 85, B4, FE, FF, FF, 8D, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDuplicateUnicodeString + DD 7C920FF8 57 Bytes [ 8D, BC, FE, FF, FF, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + 23 7C921032 72 Bytes [ 0F, 87, 62, 68, 02, 00, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + 6C 7C92107B 27 Bytes [ FF, 3B, B5, 9C, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + 88 7C921097 4 Bytes [ 84, 94, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + 8D 7C92109C 20 Bytes [ 89, B5, 98, FE, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTable + A2 7C9210B1 66 Bytes [ 83, A5, 94, FE, FF, FF, 01, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrClientConnectToServer + 44 7C92122B 147 Bytes [ 80, 0F, 84, 39, 65, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrClientConnectToServer + D8 7C9212BF 34 Bytes [ 55, 8B, EC, 51, 51, 56, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrClientConnectToServer + FB 7C9212E2 80 Bytes [ FF, 8B, 46, 04, 89, 06, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtVersionNumbers + 24 7C921333 29 Bytes [ EC, 8B, 45, 08, 56, 8D, 48, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtVersionNumbers + 42 7C921351 132 Bytes [ 85, EC, FB, FF, FF, 0A, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtVersionNumbers + C7 7C9213D6 1 Byte [ AF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNtVersionNumbers + C9 7C9213D8 164 Bytes [ 53, 8B, 5D, 08, 03, F3, C7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumerateLoadedModules + 9B 7C921480 22 Bytes [ 90, 64, A1, 18, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeGenericTable + 6 7C921497 228 Bytes [ F2, 8D, 24, 24, 8A, 10, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 68 7C92157C 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 6E 7C921582 153 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 109 7C92161D 42 Bytes [ 00, 00, 00, C0, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 134 7C921648 30 Bytes [ F1, 75, 2F, 33, D2, 39, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitMemoryStream + 153 7C921667 6 Bytes [ 75, 0C, E8, EA, E4, FF ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTagHeap + 3C 7C922270 35 Bytes [ 00, 8B, 45, 0C, 89, 85, 48, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 1B 7C922294 11 Bytes [ 8D, 85, 4C, FF, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 28 7C9222A1 4 Bytes CALL 7C91FBB8 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 2D 7C9222A6 16 Bytes [ FF, FF, B5, 50, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 3E 7C9222B7 2 Bytes [ 3A, 0E ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadPoolStartFunc + 42 7C9222BB 96 Bytes [ 8B, 85, 50, FF, FF, FF, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + 6 7C92231C 7 Bytes [ 0D, 18, D0, 97, 7C, 89, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + E 7C922324 95 Bytes [ 45, 0C, 85, C0, 74, 08, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + 6E 7C922384 136 Bytes [ 45, E4, 50, 57, 57, 57, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + F7 7C92240D 3 Bytes [ 32, 18, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNormalizeProcessParams + FB 7C922411 7 Bytes [ 8B, F0, 3B, F3, 7C, 48, C6 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 1 7C9224DC 24 Bytes [ 5D, 10, 56, 8B, 72, 0C, 2B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 1A 7C9224F5 31 Bytes [ F3, A5, 8B, C8, 8B, 45, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 3A 7C922515 70 Bytes [ FF, 55, 8B, EC, 8B, 55, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 81 7C92255C 7 Bytes [ 4F, 18, 95, 7C, 4F, 18, 95 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlResetRtlTranslations + 89 7C922564 7 Bytes [ 35, 0A, 92, 7C, D0, 18, 95 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + 12 7C922668 148 Bytes [ 48, 40, 89, 8D, 4C, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + A7 7C9226FD 146 Bytes [ 4D, 90, 83, F9, 18, 72, 0B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + 13A 7C922790 83 Bytes [ 6A, 20, 59, B8, 60, B2, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + 18F 7C9227E5 256 Bytes CALL 7C919A5A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitCodePageTable + 291 7C9228E7 18 Bytes [ 01, 00, 56, 68, 02, 10, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyProcessParameters + 2 7C922DA6 11 Bytes [ 57, 57, 57, 66, C7, 85, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyProcessParameters + E 7C922DB2 73 Bytes [ 66, C7, 85, 02, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeNormalizeProcessParams + 31 7C922DFC 141 Bytes [ 44, FF, FF, FF, 50, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 12 7C922E8B 257 Bytes [ 00, 42, 61, 73, 65, 51, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 114 7C922F8D 8 Bytes [ 00, 00, 00, 5C, 00, 73, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 11D 7C922F96 19 Bytes [ 73, 00, 74, 00, 65, 00, 6D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 131 7C922FAA 17 Bytes [ 4B, 00, 6E, 00, 6F, 00, 77, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateProcessParameters + 143 7C922FBC 13 Bytes [ 00, 00, 00, 00, 4B, 00, 6E, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + 3A 7C923849 13 Bytes [ 85, 18, AF, 01, 00, 38, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + 48 7C923857 32 Bytes [ 8B, 4D, FC, 8A, 45, DB, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + 6A 7C923879 36 Bytes JMP 7C922303 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + 8F 7C92389E 25 Bytes [ 88, 5D, F4, 88, 5D, F5, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsstr + AA 7C9238B9 32 Bytes [ 00, 12, 50, FF, 35, 34, B2, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 4 7C923946 11 Bytes [ 45, EC, 89, 45, B0, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 11 7C923953 1 Byte [ F0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 13 7C923955 21 Bytes [ 53, 53, 53, 53, 53, 53, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 29 7C92396B 259 Bytes [ 89, 5D, B4, 89, 5D, BC, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyEnvironment + 12D 7C923A6F 13 Bytes [ 8B, 4D, FC, 5E, 5B, E8, DE, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHandleTable + 1E 7C923B43 43 Bytes [ 48, 08, 66, 83, 39, 00, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNumberGenericTableElements + 16 7C923B6F 176 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownProcess + 68 7C923C20 77 Bytes [ 30, 18, 89, 5D, 08, 76, 5C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownProcess + B6 7C923C6E 70 Bytes [ 0F, 84, 46, A6, 01, 00, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrShutdownProcess + FD 7C923CB5 87 Bytes [ 00, 00, 00, 2E, 74, 78, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteResource + 32 7C923D0D 29 Bytes [ 03, C7, 3B, 45, EC, 76, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + 18 7C923D2B 95 Bytes [ 1C, 33, D2, 5F, F7, F7, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + 78 7C923D8B 121 Bytes [ 00, 3B, 45, A4, 0F, 82, 32, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + F2 7C923E05 41 Bytes [ 48, 44, 85, C9, 74, 05, 2B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + 11C 7C923E2F 89 Bytes [ 0A, 85, C9, 74, 04, 2B, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!toupper + 177 7C923E8A 89 Bytes [ 00, 8B, 70, 30, 89, 75, C4, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + 68 7C924225 40 Bytes [ 5F, 02, 8B, 47, 04, 85, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + 91 7C92424E 109 Bytes [ 48, 04, 66, 8B, 0F, 66, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + FF 7C9242BC 6 Bytes [ 57, 0F, 85, C1, C5, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + 106 7C9242C3 16 Bytes [ 33, C9, 41, BA, 14, D0, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToMultiByteN + 117 7C9242D4 36 Bytes [ 85, F6, 01, 00, 00, 8D, 85, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 46 7C924442 3 Bytes [ D4, 1A, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 4A 7C924446 1 Byte [ 85 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 4C 7C924448 19 Bytes [ 7C, 4F, 8D, 85, 60, FE, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 60 7C92445C 56 Bytes [ 50, 6A, 01, 8D, 85, 70, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNtPathNameToDosPathName + 99 7C924495 7 Bytes [ E7, C2, 01, 00, 64, A1, 18 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wcslwr + 1C 7C924865 76 Bytes [ 85, D2, 75, C7, 33, C0, 5B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!atol + 1C 7C9248B2 107 Bytes [ B7, CB, 8D, 04, 80, 8D, 44, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 12 7C92491E 25 Bytes [ 0F, 85, 14, FF, FF, FF, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 2C 7C924938 23 Bytes JMP 7C92275E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 44 7C924950 6 Bytes [ 00, 8D, 45, FC, 50, 8D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 4C 7C924958 31 Bytes [ 50, 6A, FF, C6, 05, F4, B1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!mbstowcs + 6C 7C924978 34 Bytes [ 8B, 45, DC, 66, 8B, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 2 7C924A21 35 Bytes CALL 7C9030F2 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 26 7C924A45 61 Bytes [ 8B, 47, 0C, 83, C0, 1C, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 64 7C924A83 21 Bytes [ 00, 00, 33, C0, 8D, 7D, A8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 7A 7C924A99 5 Bytes [ C7, 45, FC, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTable + 80 7C924A9F 12 Bytes [ 00, 33, FF, 66, 39, 7E, 3A, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTable + 2 7C924C62 35 Bytes [ FF, 90, 90, 90, 90, 90, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTable + 28 7C924C88 160 Bytes [ 8A, 61, 93, 7C, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + 68 7C924D29 4 Bytes [ FF, 6A, 02, 89 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + 6D 7C924D2E 44 Bytes [ F4, 8D, 45, F4, 50, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + 9A 7C924D5B 21 Bytes [ 0D, E0, B0, 97, 7C, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + B0 7C924D71 30 Bytes [ 83, E3, 0F, 03, FB, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDelete + CF 7C924D90 14 Bytes [ 0D, E0, B0, 97, 7C, 8B, F2, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + 13 7C924E98 188 Bytes [ 08, 0F, B7, 34, 71, 8B, DA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + D2 7C924F57 9 Bytes [ B7, 55, 18, 8B, 0D, E0, B0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + DC 7C924F61 100 Bytes [ F2, C1, EE, 08, 0F, B7, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + 141 7C924FC6 83 Bytes [ 8B, F2, C1, EE, 08, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConsoleMultiByteToUnicodeN + 195 7C92501A 240 Bytes JMP 7C9253A6 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + 37 7C925BDB 35 Bytes [ 70, 04, 85, F6, 89, 72, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + 5B 7C925BFF 55 Bytes [ FF, FF, 8B, 70, 04, 85, F6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + 93 7C925C37 17 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + A5 7C925C49 20 Bytes [ C0, 74, 07, 8B, 48, 08, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sprintf + BC 7C925C60 83 Bytes [ 8B, FF, 55, 8B, EC, 57, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + 52 7C925CB4 76 Bytes [ C0, 75, 26, 8B, 46, 08, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + 9F 7C925D01 29 Bytes [ 31, 0F, 85, EC, 7F, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + BE 7C925D20 157 Bytes [ EB, B4, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + 15C 7C925DBE 97 Bytes [ FF, 00, 00, 8B, 9D, 7C, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateHeap + 1BE 7C925E20 36 Bytes [ 00, 00, 8A, 51, 04, 80, FA, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + A 7C92640F 8 Bytes [ FF, 40, 33, FF, 39, BD, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + 14 7C926419 4 Bytes [ 8D, 85, F4, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + 19 7C92641E 6 Bytes [ FF, 89, 85, E4, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + 20 7C926425 4 Bytes [ 0F, 8D, 07, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearBitsAndSet + 26 7C92642B 7 Bytes CALL 8392642D
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetBits + 5B 7C926493 53 Bytes [ 8B, 01, 8B, 51, 04, 83, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetBits + 91 7C9264C9 6 Bytes [ 00, 83, 85, EC, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + 2 7C9264D0 1 Byte [ 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + 4 7C9264D2 5 Bytes [ 85, EC, FD, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + A 7C9264D8 2 Bytes [ 40, FC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + D 7C9264DB 54 Bytes [ C0, 74, 39, 8B, 48, 04, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyHeap + 44 7C926512 60 Bytes JMP 7C92676B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlClearBits + 30 7C9266D1 64 Bytes [ 8B, 85, EC, FD, FF, FF, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + 2B 7C926712 21 Bytes [ 01, 8C, 00, 00, F7, D8, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + 41 7C926728 58 Bytes [ 00, 83, A5, F0, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + 7C 7C926763 32 Bytes [ E4, FD, FF, FF, C6, 01, 30, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + 9D 7C926784 6 Bytes [ FF, 2B, 89, 85, D0, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsSet + A4 7C92678B 90 Bytes JMP 7C926A8C C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + A 7C9269DB 10 Bytes [ 04, F6, C3, 20, 8B, 85, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + 15 7C9269E6 59 Bytes [ 85, 14, FD, FF, FF, F6, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + 51 7C926A22 15 Bytes [ FF, 01, 00, 00, 00, 8B, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + 61 7C926A32 7 Bytes [ 75, F3, 8B, 85, E8, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswctype + 69 7C926A3A 60 Bytes CALL 02926A3C
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + 2 7C926A77 5 Bytes [ 00, 0F, 85, C2, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + 8 7C926A7D 5 Bytes [ FF, 8B, 9D, F0, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + F 7C926A84 7 Bytes [ F6, C3, 40, 0F, 85, AB, 88 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + 17 7C926A8C 40 Bytes [ 00, 8B, B5, CC, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswdigit + 40 7C926AB5 60 Bytes [ 85, DC, FD, FF, FF, 8D, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeString + 9B 7C926BFE 40 Bytes CALL 67167B06
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeString + C4 7C926C27 15 Bytes JMP 7C92693E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeString + D4 7C926C37 32 Bytes [ 8B, 85, CC, FD, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeString + F6 7C926C59 95 Bytes [ E2, FE, FF, FF, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + 39 7C926CB9 23 Bytes [ 4D, 98, F6, C1, 10, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + 51 7C926CD1 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + 53 7C926CD3 10 Bytes [ 0F, 85, 59, 44, 01, 00, 64, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + 5F 7C926CDF 117 Bytes [ 8B, 40, 30, F6, C1, 40, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGUIDFromString + D5 7C926D55 41 Bytes [ 05, 00, F0, FE, FF, 89, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToOemN + 31 7C9270F9 71 Bytes [ 88, 00, 00, 00, 66, 89, 48, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToOemN + 79 7C927141 15 Bytes [ 04, 04, 04, 04, 04, 04, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToOemN + 89 7C927151 193 Bytes [ 03, 03, 03, 03, 03, 03, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + 29 7C927213 23 Bytes [ 01, 02, 01, 01, 01, 05, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + 41 7C92722B 4 Bytes [ 02, 02, 01, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + 46 7C927230 18 Bytes [ 03, 02, 01, 01, 02, 01, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + 59 7C927243 109 Bytes [ 04, 04, 04, 04, 04, 03, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToOemString + C7 7C9272B1 36 Bytes [ 01, 01, 01, 01, 01, 01, 01, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemToUnicodeN 7C92733C 335 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + 27 7C92748C 36 Bytes JMP 7C9273B3 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + 4C 7C9274B1 48 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + 7D 7C9274E2 46 Bytes [ F6, 46, 13, 01, 0F, 85, AD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + AC 7C927511 27 Bytes [ 00, 02, 0F, 84, AB, 29, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlOemStringToUnicodeString + C8 7C92752D 6 Bytes [ 50, 8B, 38, BB, 00, 80 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 52 7C9277EA 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 54 7C9277EC 5 Bytes [ 20, 00, 20, 00, 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 5A 7C9277F2 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 5C 7C9277F4 35 Bytes [ 20, 00, 20, 00, 20, 00, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetEnvironmentVariable + 80 7C927818 9 Bytes [ 10, 00, 10, 00, 10, 00, 10, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + 12 7C927C4A 193 Bytes [ 00, 8B, 75, D8, 66, 39, 7E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + D4 7C927D0C 26 Bytes [ 1D, 34, 00, 00, 03, DF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + EF 7C927D27 3 Bytes [ 49, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + F3 7C927D2B 40 Bytes [ 66, 89, 01, FF, 45, F4, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueueWorkItem + 11C 7C927D54 11 Bytes [ FF, 55, 8B, EC, 83, EC, 0C, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 4D 7C9284D7 17 Bytes [ 1C, 41, 33, C0, 5E, 5F, 5B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 60 7C9284EA 8 Bytes [ 00, 83, C8, 10, C1, E0, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 69 7C9284F3 34 Bytes CALL 7C9142F0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 8C 7C928516 5 Bytes [ 00, 00, E9, C6, 27 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupAtomInAtomTable + 92 7C92851C 14 Bytes CALL 7C9142F0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionGuid + 46 7C928D34 5 Bytes [ 75, 08, E8, 24, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionGuid + 4D 7C928D3B 21 Bytes [ 8B, D8, 68, 20, B4, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindActivationContextSectionGuid + 64 7C928D52 322 Bytes [ 5E, 8B, C3, 5B, C9, C2, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID 7C928E96 15 Bytes [ 90, 90, 90, 8D, 45, D0, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID + 10 7C928EA6 24 Bytes [ 00, 00, 83, B8, 9C, 0F, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID + 29 7C928EBF 74 Bytes [ EC, 51, 51, 64, A1, 18, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID + 74 7C928F0A 20 Bytes [ FF, 55, 8B, EC, 51, 51, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStringFromGUID + 89 7C928F1F 50 Bytes [ 7D, 0C, 8B, 75, 10, B8, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + 9 7C929054 68 Bytes [ 1A, 89, 18, 89, 50, 04, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + 4E 7C929099 5 Bytes [ 51, 04, 8D, 70, D0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + 54 7C92909F 2 Bytes [ 40, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + 57 7C9290A2 136 Bytes [ 00, F6, 46, 10, 08, 75, 3C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsTextUnicode + E0 7C92912B 50 Bytes [ 00, 33, D2, 39, 13, 75, 65, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeSize + 4 7C92937E 27 Bytes [ 45, 08, 83, C0, 04, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMultiByteToUnicodeSize + 20 7C92939A 70 Bytes [ 0C, 33, C0, F7, C3, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + 1D 7C9293E1 104 Bytes [ 0C, 0F, 87, 97, F7, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + 86 7C92944A 118 Bytes [ 0F, 84, 6E, F6, 01, 00, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + FD 7C9294C1 107 Bytes [ 39, 3E, 0F, 84, 6C, F7, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + 169 7C92952D 113 Bytes [ EC, 8D, 45, 0C, 50, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFormatMessage + 1DB 7C92959F 61 Bytes CALL 7C90F8E3 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 19 7C92979F 1 Byte [ 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 1B 7C9297A1 7 Bytes [ 85, F4, FD, FF, FF, 3D, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 23 7C9297A9 14 Bytes [ 00, 00, 0F, 83, AF, 0F, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 32 7C9297B8 24 Bytes [ FF, 0F, B7, 03, 8B, 4C, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtQueryValueKey + 4B 7C9297D1 13 Bytes [ F6, C4, 08, 0F, 84, D6, 18, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtOpenKey + 52 7C929899 45 Bytes [ 89, 55, D4, 89, 4D, B4, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtOpenKey + 80 7C9298C7 39 Bytes [ 8B, 02, 89, 45, BC, 83, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtOpenKey + A8 7C9298EF 31 Bytes [ 0F, 85, 71, 01, 00, 00, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtOpenKey + C8 7C92990F 34 Bytes JMP 7C91A03F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMakeSelfRelativeSD + 3 7C929932 95 Bytes [ D4, 85, C0, 0F, 85, D9, 06, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMakeSelfRelativeSD + 63 7C929992 19 Bytes [ C8, 83, C0, 40, 3B, C1, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMakeSelfRelativeSD + 77 7C9299A6 63 Bytes JMP 7C9161C5 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMakeSelfRelativeSD + B7 7C9299E6 142 Bytes [ 74, 09, 0F, BE, 81, 28, 0B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAdjustPrivilege + 28 7C929A75 108 Bytes [ 0F, B6, C4, 0F, BE, 80, 28, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAdjustPrivilege + 95 7C929AE2 3 Bytes [ 75, 18, 88 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAdjustPrivilege + 99 7C929AE6 21 Bytes [ 13, 0F, B7, 0B, 03, CA, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + 2 7C929AFC 18 Bytes [ 39, 46, 04, 0F, 84, 20, 17, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + 15 7C929B0F 4 Bytes [ 83, 5C, 4D, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + 1A 7C929B14 76 Bytes [ 0F, B6, 43, 07, 8B, 44, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + 67 7C929B61 124 Bytes JMP 7C92B401 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeString + E5 7C929BDF 30 Bytes [ 94, 8B, 06, 89, 45, 90, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 7A 7C929E01 25 Bytes [ 53, 14, 85, D2, 0F, 84, 1F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 94 7C929E1B 10 Bytes [ 32, C0, 84, C0, 57, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 9F 7C929E26 115 Bytes [ F6, 43, 10, 01, 0F, 84, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 113 7C929E9A 17 Bytes [ EC, 56, 8B, 75, 0C, 6A, 4E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImpersonateSelf + 125 7C929EAC 26 Bytes [ FF, 15, 90, 04, 91, 7C, 85, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlReleaseResource + 1A 7C929F7E 76 Bytes [ 53, 57, 56, 8D, 85, C0, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceShared + 2C 7C929FCB 3 Bytes [ D5, 70, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceShared + 30 7C929FCF 58 Bytes [ 8B, F0, 3B, F3, 0F, 84, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMapGenericMask + 2D 7C92A00A 60 Bytes [ B7, 08, 83, C7, 02, D1, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCriticalSectionSpinCount 7C92A047 33 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCriticalSectionSpinCount + 22 7C92A069 29 Bytes [ 5D, D0, 89, 5D, D4, 89, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceExclusive + 12 7C92A088 84 Bytes [ E0, 89, 5D, B4, 89, 5D, B8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceExclusive + 67 7C92A0DD 5 Bytes [ 00, 39, 5D, F8, 57 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceExclusive + 6E 7C92A0E4 38 Bytes [ 92, CF, 00, 00, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAcquireResourceExclusive + 95 7C92A10B 82 Bytes CALL C4BA1538
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1980 + 1A 7C92A15E 232 Bytes [ 0F, 94, C2, 03, 55, E0, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteSecurityObject + 84 7C92A247 69 Bytes [ 00, 8B, 45, C8, 8B, 4D, C4, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + 41 7C92A28D 102 Bytes [ 66, 3D, FF, FE, 0F, 84, E1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + A9 7C92A2F5 10 Bytes [ 8A, 0E, 8A, 17, 46, 47, 3A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + B4 7C92A300 20 Bytes CALL 64A31904
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + CA 7C92A316 53 Bytes [ 00, 3A, C3, 0F, 85, AF, A2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIdentifierAuthoritySid + 100 7C92A34C 253 Bytes [ 0F, 84, 00, CD, 00, 00, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + CB 7C92A8F1 35 Bytes [ CA, 8B, 5D, 14, 89, 0B, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + EF 7C92A915 76 Bytes [ 4D, 24, 89, 01, 0F, 85, 6E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + 13C 7C92A962 59 Bytes [ F0, 8B, 4D, F8, 8B, 75, F4, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + 178 7C92A99E 15 Bytes [ 42, 14, 0F, 87, 16, 66, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!towlower + 188 7C92A9AE 82 Bytes [ C9, 0F, 86, D5, 19, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + A 7C92ABAF 14 Bytes [ 8B, 40, 24, 6A, 40, 89, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + 19 7C92ABBE 2 Bytes [ BD, 7C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + 1E 7C92ABC3 54 Bytes [ F3, AB, 6A, 40, 59, 8D, BD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + 55 7C92ABFA 6 Bytes [ 50, 6A, FF, FF, B5, 7C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnwind + 5C 7C92AC01 42 Bytes [ FF, FF, 89, 75, D4, E8, FE, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + 23 7C92AE60 74 Bytes JMP 7C92A764 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + 6E 7C92AEAB 88 Bytes [ 00, 8B, C1, 89, 75, FC, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + C7 7C92AF04 91 Bytes [ FF, 55, 8B, EC, 6A, 00, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + 124 7C92AF61 15 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpdateTimer + 134 7C92AF71 47 Bytes [ FD, FF, 8B, 46, 28, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStartRXact + 1A 7C92B14A 16 Bytes [ 45, 08, 6A, 17, FF, 35, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlStartRXact + 2B 7C92B15B 52 Bytes CALL 7C9040A6 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAbortRXact + D 7C92B190 42 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAbortRXact + 39 7C92B1BC 1 Byte [ 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1970 + 5 7C92B1C8 119 Bytes [ 64, A1, 18, 00, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1970 + 7D 7C92B240 60 Bytes JMP 7C92BD6B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1970 + BA 7C92B27D 3 Bytes [ 94, 97, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToSecondsSince1970 + BE 7C92B281 93 Bytes JMP 7C92A8EE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + 44 7C92B2DF 55 Bytes [ CF, FD, FF, FF, 01, 8B, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + 7C 7C92B317 10 Bytes JMP 7C92BA1E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + 87 7C92B322 42 Bytes [ 83, D4, 8B, FE, FF, 66, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + B2 7C92B34D 65 Bytes JMP 7C90FCBD C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLengthSecurityDescriptor + F4 7C92B38F 3 Bytes [ 10, 77, FE ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetGroupSecurityDescriptor + 16 7C92B40D 30 Bytes [ 4A, 04, 89, 8D, BC, FE, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetGroupSecurityDescriptor + 35 7C92B42C 10 Bytes [ F6, 46, D3, E6, 89, B5, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualDomainName + 1 7C92B437 83 Bytes [ 4D, 08, 8D, B4, 08, 58, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualDomainName + 55 7C92B48B 24 Bytes [ 8A, 0E, 0B, C8, 88, 0E, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeOemString + 11 7C92B4A4 74 Bytes [ 83, E1, 07, 33, D2, 42, D3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeOemString + 5D 7C92B4F0 96 Bytes [ 8B, 46, 04, 0F, B7, 00, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + 1 7C92B551 11 Bytes [ 4C, 8F, 58, 89, 71, 38, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + D 7C92B55D 51 Bytes [ F8, 24, F8, 66, 89, 0E, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + 41 7C92B591 16 Bytes [ 3B, C8, 0F, 84, 1C, 62, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + 52 7C92B5A2 23 Bytes [ 86, 0E, 62, FE, FF, 8B, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAce + 6A 7C92B5BA 53 Bytes [ A6, FB, FE, FF, 0F, B7, 0E, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN 7C92BD75 7 Bytes [ 90, 90, 8B, FF, 55, 8B, EC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN + 8 7C92BD7D 21 Bytes [ 55, 08, 33, C0, 39, 12, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN + 1E 7C92BD93 12 Bytes [ 03, 42, 08, 5D, C2, 04, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN + 2B 7C92BDA0 88 Bytes [ FF, 55, 8B, EC, 8B, 55, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToOemN + 84 7C92BDF9 103 Bytes [ 7D, 14, 57, 56, 53, FF, 75, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 52 7C92C0EB 5 Bytes [ 00, 50, E8, B5, CE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 58 7C92C0F1 53 Bytes [ FF, 03, C7, 13, D3, 89, 86, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 8E 7C92C127 2 Bytes [ 5D, C2 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + 91 7C92C12A 106 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToOemString + FD 7C92C196 6 Bytes [ 64, A1, 18, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlClearAllBits + 2 7C92C19D 26 Bytes [ 76, 0C, 8B, 40, 30, 6A, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlClearAllBits + 1E 7C92C1B9 20 Bytes [ 5E, 5D, C2, 04, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 2 7C92C1CE 20 Bytes [ 35, 84, A7, 92, 7C, FF, 35, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 17 7C92C1E3 16 Bytes [ 8B, 0D, 08, B2, 92, 7C, 2B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 28 7C92C1F4 3 Bytes [ 85, 5B, F1 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 2D 7C92C1F9 25 Bytes [ 8B, 4D, 0C, 89, 01, B0, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAllBits + 47 7C92C213 44 Bytes [ 5D, C3, 8A, 06, 46, 3C, 78, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySecurityDescriptor 7C92C3B4 123 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySecurityDescriptor + 7C 7C92C430 37 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySecurityDescriptor + A2 7C92C456 9 Bytes [ 75, 0C, 8D, 45, F8, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySecurityDescriptor + AD 7C92C461 36 Bytes [ 85, C0, 7C, 19, 53, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 1A 7C92C486 9 Bytes [ 00, 8A, C3, 5B, C9, C2, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 27 7C92C493 44 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 54 7C92C4C0 2 Bytes [ EC, 53 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 57 7C92C4C3 9 Bytes [ 5D, 08, 85, DB, 74, 4D, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSecurityObject + 62 7C92C4CE 91 Bytes [ 83, 7B, 04, 00, 56, 8D, 73, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isdigit + 13 7C92C88C 2 Bytes [ 50, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isdigit + 16 7C92C88F 87 Bytes [ 08, 8B, 32, 3B, 71, 04, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__isascii + 45 7C92C8E7 58 Bytes [ B7, D6, 8B, FA, C1, EF, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__isascii + 81 7C92C923 104 Bytes [ 0F, B7, 55, 18, 8B, 0D, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressA + 3B 7C92C98C 68 Bytes [ 03, F2, 66, 8B, 0C, 71, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressA + 80 7C92C9D1 276 Bytes [ 03, F2, 66, 8B, 0C, 71, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAddRefDll + 11 7C92CAE6 70 Bytes [ B0, 97, 7C, 8B, F2, C1, EE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAddRefDll + 58 7C92CB2D 124 Bytes [ 03, F3, 0F, B7, 34, 71, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSharedToExclusive + C 7C92CBAA 16 Bytes [ 00, 0F, B7, 55, 18, 8B, 0D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertSharedToExclusive + 1D 7C92CBBB 135 Bytes [ B7, 34, 71, 8B, DA, C1, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 64 7C92CC44 11 Bytes [ 85, C0, 8B, 7D, 08, 89, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 70 7C92CC50 26 Bytes [ 00, 00, 83, 7D, 0C, 00, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 8B 7C92CC6B 134 Bytes [ 42, 83, 45, 14, 02, 0F, B6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 112 7C92CCF2 4 Bytes [ C2, 66, C1, E8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertExclusiveToShared + 117 7C92CCF7 34 Bytes [ 84, C0, 74, 0E, 8B, 4D, 0C, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 59 7C92CD89 2 Bytes [ 56, 57 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 5D 7C92CD8D 1 Byte [ F8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 5F 7C92CD8F 28 Bytes [ 85, B0, FE, FF, FF, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 7C 7C92CDAC 24 Bytes [ 55, 14, A1, F0, B1, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimer + 95 7C92CDC5 18 Bytes [ 05, 00, 00, FF, 24, 8D, 30, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 20 7C92CF36 59 Bytes [ 4A, 66, 83, F9, 61, 89, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 5D 7C92CF73 3 Bytes [ 89, 4D, 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 61 7C92CF77 18 Bytes [ B7, 4D, 18, 8A, 0C, 01, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 74 7C92CF8A 22 Bytes [ 01, 8B, 15, EC, B1, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetSaclSecurityDescriptor + 8C 7C92CFA2 20 Bytes [ 89, 4D, 18, 0F, B7, 4D, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 10 7C92CFB7 79 Bytes [ B6, 0C, 01, 8B, 15, EC, B1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 60 7C92D007 17 Bytes [ 8A, 0C, 01, 8B, 55, 08, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 72 7C92D019 30 Bytes [ 15, EC, B1, 97, 7C, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 91 7C92D038 157 Bytes [ 01, 8B, 55, 08, 88, 4A, FE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD + 12F 7C92D0D6 2 Bytes [ 66, 89 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyString + 1F 7C92D1CD 33 Bytes [ FF, 55, 8B, EC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyString + 42 7C92D1F0 36 Bytes [ 7D, 18, 7A, 0F, 87, 4C, F9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + 1C 7C92D215 54 Bytes JMP 7C92D000 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + 53 7C92D24C 32 Bytes [ 87, 27, F9, FF, FF, 81, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + 74 7C92D26D 12 Bytes JMP 7C92CF73 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + 81 7C92D27A 99 Bytes [ 00, 8B, 48, 0C, 3B, CA, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidRelativeSecurityDescriptor + E6 7C92D2DF 62 Bytes [ 0C, 4A, 83, 45, 08, 10, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunEncodeUnicodeString + E 7C92D773 112 Bytes [ 8B, 4D, E0, 8B, 55, 18, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 31 7C92D7E4 48 Bytes [ 45, 14, 8B, 00, 0F, B6, 40, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 62 7C92D815 12 Bytes [ 85, DF, C0, 01, 00, 80, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 6F 7C92D822 14 Bytes [ 01, 00, 5B, 5F, 8B, C6, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 7E 7C92D831 20 Bytes JMP 7C92D4FB C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRunDecodeUnicodeString + 93 7C92D846 23 Bytes JMP 7C92D5A3 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringExW + 3A 7C92D98C 62 Bytes CALL 7C92D89F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 1 7C92D9CB 66 Bytes [ 75, F8, 80, 3B, 2E, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 44 7C92DA0E 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 46 7C92DA10 16 Bytes JMP 7C92D97A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 57 7C92DA21 16 Bytes CALL 7C91EB0F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringW + 68 7C92DA32 37 Bytes [ FF, 85, C0, 59, 74, 12, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue 7C92DAD3 79 Bytes [ 90, 90, 6A, 18, 68, 78, CB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue + 50 7C92DB23 2 Bytes [ 75, 0C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue + 53 7C92DB26 2 Bytes [ BD, 62 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue + 57 7C92DB2A 16 Bytes [ 84, C0, 0F, 84, 60, 98, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateTimerQueue + 68 7C92DB3B 142 Bytes [ 01, 00, 66, 83, 78, 38, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedAce + F 7C92DBCA 32 Bytes [ 8B, 40, 24, 89, 46, 2C, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedAce + 30 7C92DBEB 7 Bytes [ 11, 44, FD, FF, 83, 7E, 28 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedAce + 38 7C92DBF3 80 Bytes [ 75, 1C, 8B, 46, 1C, 83, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPrefixString + 1F 7C92DC44 88 Bytes [ 00, 89, 45, DC, FF, B3, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itow + 1C 7C92DC9D 105 Bytes [ 7D, 08, 8B, 77, 14, E8, 35, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itow + 86 7C92DD07 90 Bytes [ 84, C0, 74, 10, 6A, 00, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itow + E1 7C92DD62 34 Bytes [ F7, 45, 22, FF, FF, 0F, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + 1C 7C92DD85 4 Bytes [ 3B, 66, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + 22 7C92DD8B 67 Bytes [ 89, 45, 08, 0F, 8C, D7, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + 67 7C92DDD0 3 Bytes [ 35, DD, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + 6B 7C92DDD4 147 Bytes [ 89, 4E, 38, 8B, 45, 18, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetIoCompletionCallback + FF 7C92DE68 49 Bytes [ 30, 5F, 5E, 83, 7D, FC, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserThread + 9A 7C92E004 37 Bytes [ 8B, 7D, 18, 8B, 5D, F0, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserThread + C0 7C92E02A 48 Bytes [ FD, FF, 8B, 45, EC, 80, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserThread + F3 7C92E05D 4 Bytes [ 85, 3A, A8, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserThread + F9 7C92E063 84 Bytes [ 45, E0, 3B, C3, 74, 15, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + F 7C92E0B8 48 Bytes [ 00, 8B, 45, 0C, 8B, 56, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + 41 7C92E0EA 39 Bytes [ 33, C0, 8B, 56, 14, 89, 42, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + 69 7C92E112 9 Bytes [ 00, 89, 41, 14, FF, B7, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + 73 7C92E11C 31 Bytes CALL 7C92BD0B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeContext + 94 7C92E13D 8 Bytes [ 57, FF, 75, 0C, FF, B7, 1C, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 1D 7C92E58E 6 Bytes [ 4D, FC, FF, C7, 45, F8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 24 7C92E595 16 Bytes [ D8, 94, 11, 8D, 45, F8, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 35 7C92E5A6 1 Byte [ C0 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 37 7C92E5A8 4 Bytes [ 8D, 1B, 5C, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtEnumerateSubKey + 3C 7C92E5AD 11 Bytes JMP 7C94DF46 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + 14 7C92E642 2 Bytes JMP 6592E83F
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + 18 7C92E646 198 Bytes JMP 7C94DF35 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + DF 7C92E70D 20 Bytes [ 57, 8D, 46, 08, 50, 56, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + F4 7C92E722 2 Bytes [ F8, 85 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAttributeActionToRXact + F7 7C92E725 163 Bytes [ 0F, 8C, C0, 07, 02, 00, BA, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplyRXact + 28 7C92E831 156 Bytes JMP 7C936AFA C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddActionToRXact + 41 7C92E8CE 110 Bytes [ FB, 04, 0F, 85, 25, 82, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObject + 16 7C92E93D 14 Bytes [ 89, 38, 8B, 45, 14, 0F, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObject + 25 7C92E94C 90 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + 43 7C92E9A7 22 Bytes [ D0, 66, F3, A5, 33, C0, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + 5A 7C92E9BE 61 Bytes [ B8, 0D, 00, 00, C0, EB, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + 98 7C92E9FC 25 Bytes [ 04, 46, 5E, 5D, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + B2 7C92EA16 60 Bytes [ 25, 00, 75, 00, 00, 00, CC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_itoa + EF 7C92EA53 84 Bytes [ 0F, 84, CF, 3D, 01, 00, 3B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetProcessIsCritical + 18 7C92EB84 6 Bytes [ 0F, 85, 2C, CF, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetProcessIsCritical + 1F 7C92EB8B 11 Bytes [ C6, 5E, C9, C2, 04, 00, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetProcessIsCritical + 2B 7C92EB97 21 Bytes [ 68, C9, 7A, 92, 7C, FF, 35, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetProcessIsCritical + 41 7C92EBAD 43 Bytes JMP 7C94F03D C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadIsCritical + 19 7C92EBD9 5 Bytes CALL 7C9355E2 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadIsCritical + 1F 7C92EBDF 2 Bytes [ F0, 85 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetThreadIsCritical + 22 7C92EBE2 72 Bytes [ 0F, 8D, 1F, FF, FF, FF, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + 2A 7C92EC2B 38 Bytes [ 45, 08, 8B, 4D, 0C, 8B, 51, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + 51 7C92EC52 24 Bytes [ 74, 1F, 8A, 06, 8A, 0A, 46, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + 6A 7C92EC6B 141 Bytes [ 81, C7, FF, FF, 00, 00, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + F8 7C92ECF9 25 Bytes [ 56, 6A, 10, 8D, 45, EC, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUniform + 112 7C92ED13 80 Bytes [ FF, 81, 7D, F4, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFlushAlternateResourceModules + 42 7C92ED64 231 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + B 7C92EE4C 22 Bytes [ 8B, 40, 30, FF, 70, 08, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + 22 7C92EE63 24 Bytes [ 06, 8B, 48, 60, 89, 4D, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + 3B 7C92EE7C 30 Bytes [ 40, 30, 8B, 80, 08, 02, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + 5A 7C92EE9B 5 Bytes [ 45, D0, 8D, 54, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserSecurityObject + 60 7C92EEA1 42 Bytes [ 48, F7, D0, 23, D0, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + 13 7C92EECC 119 Bytes CALL 7C90DF4E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + 8B 7C92EF44 18 Bytes [ 8D, 45, F8, 50, 8D, 45, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + 9E 7C92EF57 74 Bytes [ 45, F8, 01, 46, 0C, 33, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + E9 7C92EFA2 106 Bytes [ 8B, 45, 2C, 89, 85, 00, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAndSetSD + 154 7C92F00D 12 Bytes [ 89, BD, F0, FC, FF, FF, 89, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + 2 7C92F2DF 112 Bytes [ 83, F8, 58, 0F, 8E, 8A, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + 73 7C92F350 117 Bytes [ 84, 38, 77, FF, FF, E9, 37, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetLengthWithoutTrailingPathSeperators + E9 7C92F3C6 67 Bytes [ 75, DA, 33, C0, 33, D2, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + 3C 7C92F40A 13 Bytes JMP 7C935D39 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + 4A 7C92F418 53 Bytes [ 68, 00, 00, 8B, 45, 0C, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + 80 7C92F44E 37 Bytes CALL 7C9030F2 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + A6 7C92F474 7 Bytes [ C7, 89, 45, FC, 0F, 85, 0A ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryRegistryValues + AE 7C92F47C 27 Bytes JMP 7C94BBFC C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 33 7C92FAE3 28 Bytes [ 8D, 45, F8, 50, FF, 75, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 50 7C92FB00 18 Bytes [ 39, 1E, 0F, 8C, 97, 95, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 63 7C92FB13 10 Bytes [ 47, 04, 89, 45, 10, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 6E 7C92FB1E 6 Bytes [ 75, 0C, E8, 07, 97, FE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetControlSecurityDescriptor + 75 7C92FB25 74 Bytes [ 84, C0, 0F, 84, 7A, 95, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + 9 7C92FB70 98 Bytes [ EC, 56, 8B, 75, 0C, 33, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + 6C 7C92FBD3 69 Bytes [ 64, A1, 18, 00, 00, 00, 38, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + B3 7C92FC1A 21 Bytes [ FF, 7F, 33, D2, F7, F6, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + C9 7C92FC30 21 Bytes [ C0, 75, F6, 8B, C7, 2B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnprintf + DF 7C92FC46 11 Bytes [ 72, 0C, FF, 75, 14, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 45 7C92FE5F 22 Bytes [ 75, 0C, FF, 75, 08, E8, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 5C 7C92FE76 7 Bytes CALL 7C90E5F0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 64 7C92FE7E 3 Bytes [ DB, 7C, 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 68 7C92FE82 11 Bytes [ 75, 1C, FF, 75, FC, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRXact + 74 7C92FE8E 114 Bytes CALL 7C92F923 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAuditAccessAce + 1D 7C93001A 195 Bytes [ FF, 8B, D8, 85, DB, 0F, 8C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 86 7C9300DF 53 Bytes [ 88, 48, 01, 8B, 4D, 18, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + BC 7C930115 13 Bytes JMP 7C9213EA C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + CA 7C930123 22 Bytes [ F8, 57, 53, FF, 55, 14, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + E1 7C93013A 69 Bytes [ CB, 2B, CF, 89, 55, FC, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeGenericTableAvl + 1F 7C930180 83 Bytes [ CF, 2B, CE, 89, 55, FC, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + 3D 7C9301D4 69 Bytes [ 83, C4, 08, 85, C0, 7E, ED, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + 83 7C93021A 18 Bytes [ C4, 08, 85, C0, 7F, BF, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + 96 7C93022D 57 Bytes [ 8D, 24, 24, 2B, 75, 10, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + D0 7C930267 5 Bytes [ 89, 94, 8D, 00, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCheckProcessParameters + D6 7C93026D 37 Bytes [ FF, 41, 89, 4D, F0, 3B, C6, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + 24 7C9302D7 144 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + B6 7C930369 52 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + EB 7C93039E 1 Byte [ 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + ED 7C9303A0 23 Bytes [ 00, FF, 75, 08, 8D, 45, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLockBootStatusData + 105 7C9303B8 17 Bytes [ 8B, 4D, 14, 3B, CE, 5E, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnlockBootStatusData 7C9303CB 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnlockBootStatusData + 4 7C9303CF 106 Bytes [ FF, 55, 8B, EC, 83, EC, 3C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 29 7C93043A 8 Bytes [ F0, 53, 8B, 5D, 10, 83, C7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 32 7C930443 22 Bytes [ 45, F4, 8B, 0B, 85, C9, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 49 7C93045A 6 Bytes [ A8, 03, 0F, 85, 52, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 51 7C930462 39 Bytes [ 8B, 4B, 04, F6, C1, 01, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSetBootStatusData + 79 7C93048A 36 Bytes [ 45, 0C, FF, 45, 0C, 83, F8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + 5 7C930580 31 Bytes [ 83, E0, F8, 8D, 51, 02, 2B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + 25 7C9305A0 184 Bytes [ CA, 8B, 55, 08, 83, E1, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + DF 7C93065A 84 Bytes [ FF, 8B, 45, 08, 5F, 5E, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + 134 7C9306AF 55 Bytes [ CB, B8, 01, 00, 53, 33, DB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateUserProcess + 16C 7C9306E7 60 Bytes CALL CD9306E9
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrVerifyImageMatchesChecksum + 15 7C930A21 73 Bytes [ 84, C0, 0F, 85, 24, E8, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrVerifyImageMatchesChecksum + 5F 7C930A6B 72 Bytes JMP 7C930627 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrVerifyImageMatchesChecksum + A8 7C930AB4 201 Bytes [ EC, 8B, 45, 0C, 0F, B7, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + 45 7C930B7F 32 Bytes [ 10, 8D, 45, E0, 50, C7, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + 66 7C930BA0 55 Bytes [ 4D, E4, 0F, 88, 5E, F4, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + 9E 7C930BD8 45 Bytes [ C7, 8D, 48, 01, 8A, 10, 40, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + CC 7C930C06 80 Bytes [ B5, CC, FD, FF, FF, B8, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlImageRvaToVa + 11E 7C930C58 24 Bytes [ 00, 8B, 40, 30, 80, 78, 02, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 2 7C930EA5 49 Bytes [ C0, 00, 00, 00, 89, 9D, 30, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 34 7C930ED7 29 Bytes [ C3, FF, B5, 78, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 53 7C930EF6 32 Bytes [ 0F, 84, A9, 77, 01, 00, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 74 7C930F17 5 Bytes [ 50, FF, B5, 78, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDnsHostNameToComputerName + 7A 7C930F1D 11 Bytes CALL 7C92A785 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWriteRegistryValue + 11 7C930F81 43 Bytes [ 85, C0, 0F, 8D, EF, 77, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWriteRegistryValue + 3D 7C930FAD 7 Bytes [ 00, CC, CC, CC, CC, CC, CC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWriteRegistryValue + 45 7C930FB5 52 Bytes JMP 7C92A910 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 1E 7C930FEA 48 Bytes [ FF, 85, C0, 0F, 84, 49, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 4F 7C93101B 5 Bytes [ 14, FF, 75, 10, 50 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 55 7C931021 28 Bytes [ 75, 0C, FF, 75, 08, E8, CA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 72 7C93103E 1 Byte [ 45 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRegistryValue + 74 7C931040 13 Bytes [ 74, 04, 83, 60, 20, 00, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 13 7C931295 30 Bytes [ 83, 7D, 08, 00, 0F, 84, 1E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 32 7C9312B4 9 Bytes [ FF, 55, 8B, EC, 81, EC, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 3C 7C9312BE 83 Bytes [ A1, C8, B0, 97, 7C, 56, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 90 7C931312 3 Bytes CALL 7C902294 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWaitEx + 94 7C931316 53 Bytes [ FD, FF, 6A, 20, 33, F6, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + 2 7C9315AC 12 Bytes [ FF, FF, 33, DB, 3B, C3, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + F 7C9315B9 3 Bytes [ 75, D0, 68 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + 13 7C9315BD 9 Bytes [ 00, 00, 01, 6A, 10, 53, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + 1D 7C9315C7 6 Bytes [ 0F, 00, 8D, 45, DC, 50 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeregisterWait + 24 7C9315CE 3 Bytes [ 8E, CB, FD ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 126 7C931B73 13 Bytes [ 0C, 03, C7, 5F, 5E, 5D, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 134 7C931B81 19 Bytes CALL 7C9138B5 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 148 7C931B95 3 Bytes [ 01, EB, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 14C 7C931B99 140 Bytes JMP 7C9222F5 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCutoverTimeToSystemTime + 1D9 7C931C26 18 Bytes [ 8B, 7B, 04, 0F, B7, CE, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 10 7C932700 8 Bytes [ 01, 00, 81, F9, E8, 03, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 19 7C932709 36 Bytes [ 83, 98, 21, 00, 00, 8B, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 3E 7C93272E 37 Bytes [ C9, 0F, 84, A8, C9, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 64 7C932754 17 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityObjectEx + 76 7C932766 84 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 49 7C932FAD 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 4B 7C932FAF 2 Bytes [ BF, 17 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 4E 7C932FB2 26 Bytes [ 00, C0, 8B, 45, 0C, 8B, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 69 7C932FCD 7 Bytes [ 55, 8B, EC, 81, EC, B4, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualPrefixSid + 71 7C932FD5 30 Bytes [ 00, 53, 56, 33, F6, 89, 75, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 38 7C93323B 65 Bytes [ FF, 75, 14, 6A, 00, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 7B 7C93327E 140 Bytes [ 83, C8, 04, 09, 45, F4, C6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 108 7C93330B 56 Bytes [ 08, 00, 00, 00, 8D, 70, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 142 7C933345 65 Bytes [ 45, F8, 0F, B7, 40, 02, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRegisterWait + 184 7C933387 132 Bytes [ 45, F4, 66, 09, 43, 02, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + 34 7C933466 3 Bytes [ A3, DA, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + 38 7C93346A 28 Bytes [ FF, 75, C0, 53, 57, E8, 99, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + 55 7C933487 24 Bytes [ 80, 7D, FE, 00, 74, 0F, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + 6E 7C9334A0 89 Bytes [ 4D, E0, 89, 08, 8B, C6, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimer + C8 7C9334FA 21 Bytes [ 00, FF, 75, 48, FF, 75, 44, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCharToInteger + 60 7C933BF0 107 Bytes [ FF, FF, F6, 47, 01, 01, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushEntrySList + 1B 7C933C5C 15 Bytes CALL 7C933D2B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushEntrySList + 2B 7C933C6C 9 Bytes [ 80, 7D, FF, 00, 75, 19, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPushEntrySList + 35 7C933C76 78 Bytes [ 76, 13, 85, FF, 74, 0F, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedPopEntrySList + 42 7C933CC5 229 Bytes [ 7D, 08, 8D, 77, 08, 1B, D2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + BB 7C933DAB 14 Bytes CALL 7C919271 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + CA 7C933DBA 10 Bytes [ 00, 00, 8B, 45, 1C, 83, A5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + D5 7C933DC5 6 Bytes [ 00, 85, C0, 89, 45, D4 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + DC 7C933DCC 18 Bytes [ 84, 2F, 53, 01, 00, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryDepthSList + EF 7C933DDF 36 Bytes [ 45, A4, C6, 07, 00, 74, 03, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + 35 7C934083 158 Bytes [ F6, 46, 01, 01, 0F, 85, C9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + D4 7C934122 6 Bytes [ 75, 08, 0F, B6, 0E, 89 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + DB 7C934129 61 Bytes [ EC, 0F, B6, 02, 8A, 98, A0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + 119 7C934167 119 Bytes [ B6, 42, 01, 8B, C8, F7, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAtomFromAtomTable + 191 7C9341DF 22 Bytes [ 33, D2, 8D, 48, 10, 42, F0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + 27 7C93438A 14 Bytes [ 56, 04, 89, 54, 8F, 1C, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + 37 7C93439A 23 Bytes [ FF, 47, 14, FF, 47, 18, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + 4F 7C9343B2 83 Bytes [ 00, 0F, 85, 00, 9D, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + A3 7C934406 3 Bytes [ D6, DC, FC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPcToFileHeader + A7 7C93440A 29 Bytes [ 5E, 8B, C7, 5F, 5D, C2, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + C 7C934706 6 Bytes JMP 7C91C1D7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + 13 7C93470D 110 Bytes CALL 7C90EFDE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + 83 7C93477D 95 Bytes [ 89, 5D, 0C, 0F, 85, 75, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + E3 7C9347DD 10 Bytes [ 8B, 45, AC, 85, C0, 0F, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAtomToAtomTable + EE 7C9347E8 19 Bytes [ 83, 4D, F4, 04, 89, 45, F8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAtomTable + 2 7C9348EC 136 Bytes JMP 7C928967 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateAtomTable + 8B 7C934975 78 Bytes [ 81, E1, FF, 03, FF, FF, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 37 7C9349C4 4 Bytes [ 89, 45, 80, 66 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 3C 7C9349C9 4 Bytes [ 80, C4, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 41 7C9349CE 88 Bytes [ 66, 3B, 05, CC, B0, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 9A 7C934A27 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryAtomInAtomTable + 9D 7C934A2A 122 Bytes JMP 7C92AC6F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!VerSetConditionMask + 1C 7C934AA5 35 Bytes CALL 7C928F09 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 2 7C934AC9 54 Bytes JMP 7C929194 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 39 7C934B00 18 Bytes [ 0F, B7, 13, 03, D0, 89, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 4D 7C934B14 4 Bytes [ 89, 85, B8, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 52 7C934B19 34 Bytes [ FF, 0F, 87, AB, 89, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlVerifyVersionInfo + 76 7C934B3D 7 Bytes [ 0F, 85, B8, 01, 00, 00, BE ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstoul + 4 7C934D95 3 Bytes [ 8D, E4, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstoul + 8 7C934D99 11 Bytes [ FF, 66, 85, C9, 74, 10, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstoul + 15 7C934DA6 54 Bytes [ 74, 07, 66, C7, 00, 5C, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstoul + 4C 7C934DDD 31 Bytes [ 66, 89, 38, 2B, 85, F0, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + 1B 7C934DFD 15 Bytes [ 84, C0, 0F, 84, 0E, 01, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + 2B 7C934E0D 17 Bytes [ D4, FD, FF, FF, 50, 57, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + 3D 7C934E1F 6 Bytes [ FF, B5, C8, FD, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + 44 7C934E26 113 Bytes [ B5, C0, FD, FF, FF, FF, B5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidSecurityDescriptor + B6 7C934E98 9 Bytes [ FA, 2E, 75, E5, 83, A5, CC, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + 16 7C934ECF 4 Bytes [ C1, D1, E8, 8D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + 1B 7C934ED4 96 Bytes [ 46, EB, 34, 3B, CE, 0F, 84, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + 7C 7C934F35 3 Bytes [ 0A, FC, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + 80 7C934F39 71 Bytes [ FF, B5, C4, FD, FF, FF, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetAce + C8 7C934F81 4 Bytes JMP 7C934E60 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + D2 7C9350CB 86 Bytes [ C2, 08, 00, 90, 90, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + 129 7C935122 59 Bytes [ EC, 56, 8B, 75, 08, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + 165 7C93515E 46 Bytes [ E1, F9, FF, FF, F6, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + 194 7C93518D 81 Bytes [ 82, 00, 00, 0F, B7, 0B, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMessage + 1E7 7C9351E0 74 Bytes JMP C6B7D54B
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + 2 7C935426 60 Bytes [ FF, FF, AD, DD, 94, 7C, B6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + 3F 7C935463 61 Bytes JMP 7C913CD8 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + 7D 7C9354A1 57 Bytes [ FF, 89, 45, CC, 3B, C3, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + B7 7C9354DB 50 Bytes [ 1F, 00, 8D, 77, 04, 56, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscmp + EA 7C93550E 156 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + 2 7C9356F0 48 Bytes JMP 7C928D48 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + 33 7C935721 50 Bytes CALL 7C929438 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + 66 7C935754 14 Bytes [ 00, 39, 7D, D8, 0F, 84, DD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + 75 7C935763 87 Bytes [ 00, C0, 68, 41, 74, 6D, 41, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcscspn + CE 7C9357BC 2 Bytes [ 43, 04 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + 2B 7C935A8F 101 Bytes [ 65, 14, 07, 33, C0, 39, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + 91 7C935AF5 29 Bytes [ 57, 6A, 47, 59, 33, C0, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + B0 7C935B14 19 Bytes CALL 7C91A64B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + C5 7C935B29 3 Bytes [ 68, 96, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressW + C9 7C935B2D 15 Bytes [ 66, 8B, 86, 18, 01, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + 17 7C9361BE 100 Bytes JMP 708BECC5
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + 7C 7C936223 31 Bytes CALL 7C91CBC7 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + 9D 7C936244 11 Bytes [ 25, 00, 25, 00, 25, 00, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + A9 7C936250 64 Bytes [ 0F, B7, 4F, E4, 0F, B6, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompactHeap + EA 7C936291 33 Bytes [ EB, D8, 83, 7D, 1C, 01, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + 10 7C93685A 36 Bytes [ 89, 50, 38, 8A, 51, 1B, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + 35 7C93687F 61 Bytes [ FF, 0F, B6, D2, 66, 8B, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + 73 7C9368BD 59 Bytes [ 3A, EB, 86, 8A, 51, 1F, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + AF 7C9368F9 7 Bytes [ 00, 3B, D6, 0F, 85, F0, F3 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtol + B7 7C936901 25 Bytes [ 00, 8D, 81, F8, 01, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExW + 2 7C936B71 8 Bytes JMP 7C91CA9C C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExW + B 7C936B7A 86 Bytes JMP 7C9196AB C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExW + 62 7C936BD1 7 Bytes [ FF, 20, 89, B5, D8, FB, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExW + 6A 7C936BD9 92 Bytes [ 89, 85, B8, FB, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddVectoredExceptionHandler + 3C 7C936C36 73 Bytes [ 00, 89, 45, D4, 6A, 03, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + 1A 7C936C80 131 Bytes JMP 7C919FB0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + 9E 7C936D04 56 Bytes JMP 7C91A039 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + D7 7C936D3D 81 Bytes JMP 7C91799D C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + 129 7C936D8F 35 Bytes [ FF, 80, 3D, C4, B0, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoveVectoredExceptionHandler + 14D 7C936DB3 12 Bytes [ FF, 70, 48, 8D, 45, C4, 50, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetHeapInformation + 19 7C937CCE 14 Bytes [ 8D, B0, 78, 01, 00, 00, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetHeapInformation + 29 7C937CDE 20 Bytes [ 74, 32, 0F, B7, C3, 50, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetHeapInformation + 3F 7C937CF4 61 Bytes [ 3B, F2, 74, 12, 8D, 42, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 2A 7C937D32 48 Bytes [ 8B, BB, 80, 05, 00, 00, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 5C 7C937D64 196 Bytes [ 80, 00, 0F, 85, 91, 93, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 122 7C937E2A 42 Bytes [ 83, 65, FC, 00, 8B, 75, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 14D 7C937E55 55 Bytes [ 85, C9, 0F, 84, 7A, 06, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandomEx + 185 7C937E8D 10 Bytes [ 00, 0B, C8, 0B, DA, 89, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreAnyAccessesGranted + 1D 7C938111 9 Bytes [ B5, 74, FF, FF, FF, 8B, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreAnyAccessesGranted + 28 7C93811C 5 Bytes [ FF, 30, 56, 8B, D7 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + 1 7C938122 81 Bytes CALL 7C9385EF C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + 53 7C938174 118 Bytes [ 00, 00, 8B, 31, 8B, D7, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + CA 7C9381EB 10 Bytes [ E6, F8, FF, 07, 00, 03, F1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + D5 7C9381F6 14 Bytes [ FF, FF, 8D, 7E, 08, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteAce + E4 7C938205 5 Bytes [ FF, 83, D2, FF, 25 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 52 7C946AB1 50 Bytes [ 65, 72, 73, 20, 41, 73, 73, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 85 7C946AE4 444 Bytes [ 65, 72, 2D, 3E, 45, 6E, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 242 7C946CA1 340 Bytes [ 8B, 47, 04, 89, 41, 04, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 397 7C946DF6 69 Bytes [ 49, 6E, 74, 65, 72, 6E, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrAlternateResourcesEnabled + 3DD 7C946E3C 340 Bytes [ 69, 6E, 67, 2D, 3E, 4D, 61, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrIdentifyAlertableThread + 29 7C94FDD3 5 Bytes [ 00, E8, D7, 3C, FB ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrIdentifyAlertableThread + 2F 7C94FDD9 32 Bytes [ B0, 01, 8B, 7D, AC, E9, 7A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrSetPriorityClass + 14 7C94FDFA 39 Bytes [ 88, 00, 00, 00, 83, 65, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrSetPriorityClass + 3C 7C94FE22 56 Bytes [ 42, 50, EB, 64, F6, 41, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrCaptureTimeout + 21 7C94FE5B 108 Bytes [ 32, 8B, C6, 83, E0, FD, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!CsrProbeForRead + D 7C94FEC8 56 Bytes [ C2, F0, 0F, B1, 3B, 3B, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConnectToDbg + 10 7C94FF01 14 Bytes [ 83, 42, 0C, 01, 8B, 4D, F4, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConnectToDbg + 1F 7C94FF10 73 Bytes JMP 7C938BE3 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiSetThreadDebugObject + 2 7C94FF5A 46 Bytes JMP 7C92BB0B C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiWaitStateChange + 14 7C94FF89 57 Bytes JMP 7C92587F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiStopDebugging + 2 7C94FFC3 14 Bytes JMP 7C92EC98 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiStopDebugging + 11 7C94FFD2 91 Bytes CALL 7C97145F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiRemoteBreakin + 4B 7C95002E 4 Bytes [ 00, 00, 83, C8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiRemoteBreakin + 50 7C950033 118 Bytes JMP 7C925961 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiDebugActiveProcess + 28 7C9500AA 11 Bytes [ C7, 45, 10, 08, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiDebugActiveProcess + 34 7C9500B6 26 Bytes [ 75, 09, 3B, 45, F8, 0F, 86, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + D 7C9500D1 76 Bytes [ 7D, 08, 83, 65, FC, 00, E9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + 5A 7C95011E 29 Bytes JMP 7C935D83 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + 78 7C95013C 85 Bytes JMP 7C9261D2 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + CF 7C950193 17 Bytes [ 66, 3B, C1, 0F, 82, B3, 5A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgUiConvertStateChangeStructure + E1 7C9501A5 4 Bytes [ 00, B9, 66, 0A ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + 85 7C950433 46 Bytes [ 90, 48, 65, 61, 70, 46, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + B4 7C950462 52 Bytes [ 90, 90, 4C, 6F, 63, 61, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + E9 7C950497 33 Bytes [ 6F, 63, 00, 90, 90, 47, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + 10C 7C9504BA 312 Bytes [ 00, 00, A8, D3, 97, 7C, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrHotPatchRoutine + 246 7C9505F4 46 Bytes [ FF, 1F, 00, 00, FF, 3F, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + B 7C9506A6 56 Bytes [ 90, 90, 46, 72, 6F, 6E, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + 44 7C9506DF 72 Bytes [ 90, 4C, 6F, 63, 6B, 56, 61, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + 8D 7C950728 117 Bytes [ 41, 6C, 6C, 6F, 63, 61, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + 103 7C95079E 6 Bytes [ 00, 90, 55, 6E, 75, 73 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetUnloadEventTrace + 10A 7C9507A5 52 Bytes [ 64, 55, 6E, 43, 6F, 6D, 6D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrQueryProcessModuleInformation + 9 7C950C0A 125 Bytes [ 83, C4, 1C, 80, 7D, 0F, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrSetAppCompatDllRedirectionCallback + 67 7C950C88 6 Bytes [ CC, CC, CC, CC, CC, CC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout 7C950C91 141 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout + 8E 7C950D1F 12 Bytes [ 6F, 72, 20, 25, 77, 73, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout + 9B 7C950D2C 181 Bytes [ 6E, 20, 69, 6E, 20, 25, 77, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout + 152 7C950DE3 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsThreadWithinLoaderCallout + 156 7C950DE7 7 Bytes [ FF, 55, 8B, EC, 81, EC, C8 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + 45 7C950ED7 88 Bytes CALL 7C965766 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + 9E 7C950F30 25 Bytes [ 05, 24, 0F, 00, 00, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + B9 7C950F4B 13 Bytes [ 00, 8B, 80, 24, 0F, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + C7 7C950F59 42 Bytes [ FF, 55, 8B, EC, 64, A1, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrInitShimEngineDynamic + F2 7C950F84 34 Bytes [ 75, 0C, 6A, 01, FF, B0, 24, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + 3B 7C951506 6 Bytes JMP 7C9515EB C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + 42 7C95150D 107 Bytes JMP 7C95143E C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + AE 7C951579 60 Bytes [ 01, 00, 00, 00, EB, 15, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + EB 7C9515B6 97 Bytes [ 45, E0, 8B, 48, 28, 89, 41, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputePrivatizedDllName_U + 14D 7C951618 112 Bytes [ 39, 5D, D0, 75, 0D, 39, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSeekMemoryStream + 1E 7C9517FE 15 Bytes [ FF, 55, 8B, EC, 81, EC, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSeekMemoryStream + 30 7C951810 169 Bytes [ 56, 89, 45, FC, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyMemoryStreamTo + 5E 7C9518BA 18 Bytes [ 47, 1A, 33, C0, 8B, 4D, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCloneMemoryStream 7C9518D0 16 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDumpResource + 77 7C95196B 127 Bytes [ 0C, 8D, 51, 0C, 89, 16, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNotOwnerCriticalSection + 2B 7C9519EB 252 Bytes [ CA, 56, BE, 00, 28, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + 2E 7C951AE8 39 Bytes [ 75, 05, 8B, 75, D8, EB, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + 56 7C951B10 6 Bytes [ 00, 00, 8B, 4D, D0, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + 5D 7C951B17 53 Bytes [ D0, 85, C9, 75, 07, BE, 29, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + 93 7C951B4D 54 Bytes [ 45, E0, 85, C0, 7D, 13, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQuerySecurityObject + CA 7C951B84 130 Bytes [ 45, E0, 85, C0, 0F, 8D, 78, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewInstanceSecurityObject + 2F 7C951CEB 94 Bytes [ 4D, 08, 8B, 01, 6A, 00, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + 18 7C951D4A 163 Bytes [ 00, 00, 00, 00, 4C, 44, 52, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + BC 7C951DEE 31 Bytes [ 00, 00, 8B, 70, 30, E8, 34, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + DC 7C951E0E 49 Bytes [ C7, 00, 68, B1, 97, 7C, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + 10E 7C951E40 42 Bytes [ 45, FC, 7D, 06, 50, E8, 1E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNewSecurityGrantedAccess + 139 7C951E6B 14 Bytes [ 00, 68, 00, 00, 01, 00, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertToAutoInheritSecurityObject 7C951E90 119 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 68 7C951F08 158 Bytes [ 8D, 04, 80, 8D, 44, 47, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 107 7C951FA7 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 10E 7C951FAE 40 Bytes [ 55, 8B, EC, 53, 33, DB, 38, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 137 7C951FD7 5 Bytes [ 75, 08, FF, 75, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDefaultNpAcl + 13D 7C951FDD 46 Bytes [ EF, 4F, 00, 00, F6, 46, 6B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + 50 7C9521F2 41 Bytes [ 75, 00, 74, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + 7A 7C95221C 23 Bytes [ 74, 00, 61, 00, 72, 00, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + 92 7C952234 7 Bytes [ 70, 00, 44, 00, 6C, 00, 6C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + 9A 7C95223C 7 Bytes [ 52, 00, 61, 00, 6E, 00, 67 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertUiListToApiList + A2 7C952244 5 Bytes [ 65, 00, 45, 00, 6E ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateQueryDebugBuffer + B 7C95274B 1 Byte [ 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateQueryDebugBuffer + D 7C95274D 107 Bytes [ 03, D0, 66, 89, 51, 02, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateQueryDebugBuffer + 7A 7C9527BA 78 Bytes [ 2E, 00, 4C, 00, 6F, 00, 63, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateQueryDebugBuffer + C9 7C952809 84 Bytes [ 41, 0C, EB, 06, 8B, 4D, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyQueryDebugBuffer + 36 7C95285E 7 Bytes [ 55, 8B, EC, 51, 8B, 45, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyQueryDebugBuffer + 3E 7C952866 20 Bytes [ 48, 0C, 8B, 40, 14, 56, 33, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyQueryDebugBuffer + 53 7C95287B 12 Bytes [ EB, 03, 8B, 55, 10, 3B, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyQueryDebugBuffer + 60 7C952888 131 Bytes [ 0C, 53, 57, 8B, 38, 8D, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + 3 7C95290C 2 Bytes [ 48, 19 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + 8 7C952911 3 Bytes [ 2A, E2, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + C 7C952915 176 Bytes [ FF, 76, 24, 68, 68, 19, 95, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + BD 7C9529C6 96 Bytes [ 4D, 08, 81, F9, 78, B1, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessBackTraceInformation + 11E 7C952A27 122 Bytes [ 5D, C2, 04, 00, 90, 4E, 54, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 8A 7C952B3B 159 Bytes [ 89, 45, 08, 74, 0C, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 12B 7C952BDC 62 Bytes [ 00, 8B, 75, 10, 6A, 01, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 16A 7C952C1B 40 Bytes [ 30, 66, 09, 46, 02, 83, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 193 7C952C44 44 Bytes [ 10, 33, C0, 8A, 43, 02, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessHeapInformation + 1C0 7C952C71 18 Bytes [ 7D, F0, 89, 46, 04, 33, C0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessLockInformation + 1D 7C952FFA 102 Bytes [ 6A, 02, 8D, 45, E4, 50, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessLockInformation + 84 7C953061 84 Bytes [ 18, 8D, 45, EC, 50, BF, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessLockInformation + D9 7C9530B6 162 Bytes [ 40, 30, 53, FF, 70, 18, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + 6 7C953159 111 Bytes [ FA, 09, 74, 30, 66, 83, FA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + 76 7C9531C9 5 Bytes [ B4, C6, 45, C3, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + 7C 7C9531CF 35 Bytes [ 45, FC, 3B, F8, 74, 21, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + A0 7C9531F3 40 Bytes [ C0, EB, 03, 8B, 5D, B8, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryProcessDebugInformation + CA 7C95321D 62 Bytes [ C0, 83, 4D, FC, FF, 8B, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop 7C9548B5 9 Bytes [ 90, 8B, FF, 55, 8B, EC, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop + A 7C9548BF 10 Bytes [ 10, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop + 15 7C9548CA 11 Bytes [ FF, 5D, C2, 0C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop + 21 7C9548D6 16 Bytes [ 55, 8B, EC, 6A, 2D, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlApplicationVerifierStop + 33 7C9548E8 64 Bytes [ FF, 5D, C2, 0C, 00, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZombifyActivationContext + 10 7C956285 12 Bytes CALL 7C91D02F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZombifyActivationContext + 1D 7C956292 3 Bytes [ 17, FF, 76 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZombifyActivationContext + 21 7C956296 48 Bytes [ 68, 5C, 54, 95, 7C, E8, 9F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + 1 7C9562C7 37 Bytes [ 7D, E0, 85, FF, 74, 67, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + 27 7C9562ED 42 Bytes [ 00, F6, 05, B8, E6, 97, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + 52 7C956318 120 Bytes CALL 7C9557A9 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + CB 7C956391 65 Bytes [ 38, 45, E7, 0F, 94, C0, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsActivationContextActive + 10D 7C9563D3 21 Bytes [ 00, 5C, 00, 53, 00, 79, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 31 7C9578D0 362 Bytes [ 20, 73, 74, 72, 75, 63, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 19D 7C957A3C 16 Bytes [ 00, 00, 00, 00, 53, 58, 53, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 1AE 7C957A4D 225 Bytes [ 6E, 64, 20, 61, 73, 73, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 290 7C957B2F 124 Bytes [ 65, 6E, 64, 69, 6E, 67, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeImportTableHash + 30E 7C957BAD 23 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertPropertyToVariant + 2C 7C957E8F 13 Bytes [ 55, 8B, EC, 83, EC, 10, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlConvertPropertyToVariant + 3A 7C957E9D 113 Bytes [ 3B, C7, C7, 45, F4, E5, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PropertyLengthAsVariant + 14 7C957F0F 119 Bytes [ 00, 8B, 45, FC, 8B, 53, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PropertyLengthAsVariant + 8C 7C957F87 197 Bytes [ 8D, 04, 40, 8D, 14, C2, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUnicodeCallouts + BC 7C95804D 373 Bytes [ 4D, 14, 8B, 09, 03, F2, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!DbgSetDebugFilterState + 5 7C9581CC 128 Bytes [ 81, EC, 40, 02, 00, 00, A1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindEntryForAddress + 2 7C95824D 278 Bytes [ FF, 89, BD, D4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 84 7C958364 154 Bytes [ 39, BD, E0, FD, FF, FF, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 11F 7C9583FF 251 Bytes [ 20, 73, 75, 62, 6B, 65, 79, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 21B 7C9584FB 91 Bytes [ 55, 8B, EC, 53, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 277 7C958557 110 Bytes [ 00, 56, 00, 41, 00, 50, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrEnumResources + 2E6 7C9585C6 84 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + 2 7C959010 12 Bytes [ FF, 8D, 45, 04, 8B, 40, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + F 7C95901D 9 Bytes [ 6A, 14, 59, 33, C0, 8D, BD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + 19 7C959027 20 Bytes [ FF, F3, AB, C7, 85, D0, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + 2E 7C95903C 8 Bytes [ FF, 8D, 85, D0, FC, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!LdrFindResourceEx_U + 37 7C959045 30 Bytes [ F8, 8D, 85, 28, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 22 7C959740 18 Bytes [ 00, 00, 68, C8, 8A, 95, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 35 7C959753 1 Byte [ E4 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 37 7C959755 7 Bytes [ 75, 08, 89, B5, 20, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 3F 7C95975D 34 Bytes [ 8B, 45, 0C, 89, 85, 54, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCustomCPToUnicodeN + 62 7C959780 35 Bytes [ A1, CE, B0, 97, 7C, 66, 3D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 2 7C959904 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 4 7C959906 19 Bytes [ BD, 38, FD, FF, FF, EB, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 18 7C95991A 232 Bytes CALL 7C9131DE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 102 7C959A04 65 Bytes CALL 7C913421 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeToCustomCPN + 144 7C959A46 7 Bytes [ 83, 85, 64, FD, FF, FF, 08 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 29 7C959ADA 16 Bytes [ FF, 55, 8B, EC, 81, EC, 20, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 3A 7C959AEB 113 Bytes [ 5D, 1C, 56, 8B, 75, 08, 57, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + AC 7C959B5D 41 Bytes [ E1, 03, 85, DB, F3, A4, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + D6 7C959B87 153 Bytes [ EC, 18, 8B, 45, 0C, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeToCustomCPN + 170 7C959C21 102 Bytes [ 45, FC, 8B, 45, 0C, 53, 56, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInitialize + 11 7C95A332 64 Bytes [ 8D, 85, 8C, FE, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + 34 7C95A373 179 Bytes CALL 7C902293 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + E8 7C95A427 18 Bytes [ DE, 8D, 85, A0, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + FB 7C95A43A 75 Bytes [ BD, 8C, FE, FF, FF, 8B, B5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + 147 7C95A486 12 Bytes [ FF, 74, 41, 8D, 45, C8, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxRemovePrefix + 154 7C95A493 47 Bytes CALL 7C902294 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInsertPrefix + 52 7C95A5D8 1 Byte [ 72 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInsertPrefix + 54 7C95A5DA 84 Bytes [ 6F, 00, 6C, 00, 5C, 00, 4E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInsertPrefix + A9 7C95A62F 15 Bytes [ A1, CC, B0, 97, 7C, 66, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxInsertPrefix + B9 7C95A63F 83 Bytes [ 00, 8D, 4D, F0, 51, 50, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxFindPrefix + 2A 7C95A693 66 Bytes [ 4D, F8, 51, 50, 56, E8, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxFindPrefix + 6D 7C95A6D6 23 Bytes [ 04, B0, 01, EB, 17, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxFindPrefix + 85 7C95A6EE 17 Bytes [ 9F, FB, FF, FF, 5E, C9, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!PfxFindPrefix + 97 7C95A700 73 Bytes [ EC, 8B, 45, 14, 99, 52, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 42 7C95A74A 8 Bytes [ 0C, 36, 89, 08, 8B, 53, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 4B 7C95A753 25 Bytes [ 18, 8B, 4D, 0C, 83, FE, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 65 7C95A76D 11 Bytes [ 59, 1E, 0F, B6, 58, 0E, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSelfRelativeToAbsoluteSD2 + 71 7C95A779 19 Bytes [ 59, 1C, 0F, B6, 58, 0D, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetInformationAcl + 6 7C95A78D 45 Bytes [ 1C, 5A, 66, 89, 59, 18, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetInformationAcl + 34 7C95A7BB 49 Bytes [ 66, 8B, 1C, 5A, 66, 89, 59, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddCompoundAce + 1A 7C95A7ED 385 Bytes [ 1C, 5A, 66, 89, 59, 08, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddCompoundAce + 19C 7C95A96F 180 Bytes [ B7, 58, 02, 8A, 1C, 33, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedAceEx + D 7C95AA24 58 Bytes [ 46, 83, 45, 18, 02, 66, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAuditAccessAceEx + 24 7C95AA5F 111 Bytes [ 5F, 1B, C0, 25, 05, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAccessDeniedObjectAce + F 7C95AACF 121 Bytes [ 07, 00, 00, 8B, 55, 10, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAuditAccessObjectAce + 3B 7C95AB49 65 Bytes [ 5A, 89, 7D, 18, C1, EF, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddAuditAccessObjectAce + 7D 7C95AB8B 37 Bytes [ 1C, 73, 05, 89, 55, 1C, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDestroyAtomTable + F 7C95ABB1 270 Bytes [ 0F, B7, 1C, 5A, 89, 7D, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEmptyAtomTable + 47 7C95ACC0 246 Bytes [ 7E, 1C, 0F, B7, 14, 57, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPinAtomInAtomTable + 76 7C95ADB7 12 Bytes [ EB, EC, 0F, B7, 7D, 1C, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlPinAtomInAtomTable + 83 7C95ADC4 71 Bytes [ DF, C1, EB, 08, 0F, B7, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + 13 7C95AE0C 54 Bytes [ 55, 1C, 73, 05, 89, 55, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + 4A 7C95AE43 66 Bytes [ B7, 1C, 5A, 8B, 7D, 18, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + 8D 7C95AE86 61 Bytes [ 08, 81, C2, E0, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + CB 7C95AEC4 4 Bytes [ 1C, 8A, 14, 02 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeRangeList + D0 7C95AEC9 46 Bytes [ 7D, 0C, 88, 57, F8, 0F, B7, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeRangeList + 4 7C95B018 45 Bytes [ 7E, 1C, 0F, B7, 14, 57, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeRangeList + 32 7C95B046 213 Bytes [ DF, C1, EB, 08, 0F, B7, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + B 7C95B11C 109 Bytes [ DF, C1, EB, 08, 0F, B7, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + 79 7C95B18A 26 Bytes [ 08, 0F, B7, 1C, 5A, 89, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + 94 7C95B1A5 68 Bytes [ DF, 66, 8B, 14, 5A, 66, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + D9 7C95B1EA 1 Byte [ CA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetNextRange + DC 7C95B1ED 29 Bytes [ 00, 83, 7D, 10, 00, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyRangeList + 3C 7C95B2B9 12 Bytes [ 4D, 14, 85, C9, 74, 08, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyRangeList + 49 7C95B2C6 202 Bytes [ 01, 8B, 45, FC, 39, 45, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyRangeList + 114 7C95B391 233 Bytes [ 27, 8B, 4E, 04, 83, C0, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + AB 7C95B47B 102 Bytes [ 3B, DA, 89, 5D, 08, 72, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + 112 7C95B4E2 45 Bytes [ 75, F8, 0F, B6, 34, 31, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + 140 7C95B510 30 Bytes [ 5C, 75, 3A, 83, 65, 08, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + 15F 7C95B52F 2 Bytes [ 55, F8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindRange + 162 7C95B532 82 Bytes [ D2, 66, 39, 14, 4E, 0F, 95, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + E 7C95B761 71 Bytes [ 08, 80, 66, 03, 7F, 89, 46, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + 56 7C95B7A9 84 Bytes [ 04, 73, 07, B8, 23, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + AB 7C95B7FE 38 Bytes [ 7D, 08, 8A, 07, 3C, 04, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + D2 7C95B825 150 Bytes [ 03, 88, 4D, 1B, 57, E8, 7E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsRangeAvailable + 169 7C95B8BC 152 Bytes CALL 7C914149 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMergeRangeLists + A2 7C95BA28 35 Bytes [ 75, 0C, FF, 75, 08, E8, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMergeRangeLists + C6 7C95BA4C 26 Bytes [ 20, 00, 74, 04, 80, 4D, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRange + 1 7C95BA67 30 Bytes [ DC, FB, FF, 5D, C2, 1C, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRange + 21 7C95BA87 1 Byte [ 20 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRange + 24 7C95BA8A 1 Byte [ 14 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAddRange + 27 7C95BA8D 348 Bytes [ 10, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteRange + F9 7C95BBEA 155 Bytes [ 7D, E0, 8B, C6, 89, 45, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteOwnersRanges + 58 7C95BC86 5 Bytes [ 5D, 08, 33, F6, 89 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteOwnersRanges + 5E 7C95BC8C 14 Bytes CALL 7C92934A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteOwnersRanges + 6D 7C95BC9B 198 Bytes JMP 7C95BD25 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInvertRangeList + 83 7C95BD62 97 Bytes [ 89, 7D, FC, C7, 45, E4, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInvertRangeList + E5 7C95BDC4 58 Bytes CALL 06760354
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySidAndAttributesArray + 2E 7C95BDFF 63 Bytes [ 45, 08, 33, C9, 89, 40, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopySidAndAttributesArray + 6E 7C95BE3F 46 Bytes [ F3, 88, 55, 0F, 89, 5D, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualLuid + 9 7C95BE6E 1 Byte [ 51 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualLuid + B 7C95BE70 44 Bytes [ 3B, 50, 04, 77, 19, 72, 06, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCopyLuidAndAttributesArray + F 7C95BE9D 102 Bytes [ 01, 74, 54, 80, 48, 19, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 47 7C95BF04 30 Bytes [ 30, 89, 46, 04, 89, 02, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 66 7C95BF23 310 Bytes [ 41, 08, 8B, 49, 0C, 3B, 4F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 19D 7C95C05A 97 Bytes [ FF, 55, 8B, EC, 8B, 55, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 201 7C95C0BE 63 Bytes [ 0C, 89, 11, 56, 8B, 72, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSaclSecurityDescriptor + 241 7C95C0FE 29 Bytes [ 4D, 10, 89, 01, B8, 1A, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSecurityDescriptorRMControl + 4 7C95C11C 14 Bytes [ 40, 10, 3B, 41, 0C, 74, 0A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetSecurityDescriptorRMControl + 14 7C95C12C 121 Bytes [ 00, 8B, 41, 08, 53, 33, DB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMapSecurityErrorToNtStatus + 1 7C95C1A6 41 Bytes CALL 84D74AC7
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMapSecurityErrorToNtStatus + 2B 7C95C1D0 27 Bytes [ 8B, 40, 30, 6A, 28, 68, 52, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlMapSecurityErrorToNtStatus + 48 7C95C1ED 198 Bytes [ 8B, 55, 08, 6A, 0A, 59, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + 24 7C95C2B4 20 Bytes [ 85, C0, 74, 25, 8B, 4E, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + 39 7C95C2C9 54 Bytes CALL 990E4FEA
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + 70 7C95C300 9 Bytes [ 08, 74, 20, 8B, 7D, 10, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + 7A 7C95C30A 95 Bytes [ 74, 1F, 83, 7E, 04, 00, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetAttributesSecurityDescriptor + DA 7C95C36A 17 Bytes [ 3B, CF, 72, 39, 77, 08, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + 7 7C95D266 17 Bytes [ 00, 01, 02, 03, 04, 05, 06, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + 19 7C95D278 74 Bytes [ 0E, 0E, 0E, 0E, 05, 0E, 0E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + 64 7C95D2C3 28 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + 81 7C95D2E0 93 Bytes [ 2C, 89, 5D, F4, 89, 5D, F0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlZeroHeap + DF 7C95D33E 32 Bytes [ 18, 6A, 01, 6A, 10, 57, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDowncaseUnicodeChar + B 7C95D519 144 Bytes [ 7D, FC, 02, 73, 1B, EB, A3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAnsiStringToUnicodeSize + 1A 7C95D5AA 328 Bytes [ E4, 23, CF, 83, 65, E4, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToCountedOemString + 8D 7C95D6F3 40 Bytes CALL 7C933F60 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnicodeStringToCountedOemString + B6 7C95D71C 31 Bytes [ FF, FF, 75, EC, EB, 0C, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + 2 7C95D73C 12 Bytes JMP 7C95D604 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + F 7C95D749 30 Bytes [ FF, 55, 8B, EC, 81, EC, C8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + 2E 7C95D768 5 Bytes [ 45, 9C, 8B, 45, 1C ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + 34 7C95D76E 29 Bytes [ 45, A4, 8B, 45, 20, 53, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpcaseUnicodeStringToCountedOemString + 52 7C95D78C 79 Bytes [ A8, 89, 55, B4, 89, 45, C0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEqualComputerName + 2 7C95D810 80 Bytes [ 01, 00, 00, 00, 74, 0C, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareString + 43 7C95D861 6 Bytes [ 51, 8D, 8D, 38, FF, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompareString + 4A 7C95D868 116 Bytes [ 51, 8D, 8D, 68, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUpperString + 2C 7C95D8DD 140 Bytes [ 83, C6, 04, 8A, 03, 3C, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendStringToString + 15 7C95D96A 44 Bytes [ 74, 08, 89, 56, 04, 89, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAppendStringToString + 42 7C95D997 53 Bytes [ 65, A0, 00, 66, 83, 79, 04, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + 24 7C95D9CD 45 Bytes [ 56, FC, 0B, 56, 04, 0B, 16, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + 53 7C95D9FC 161 Bytes [ 8B, 45, EC, 8A, 18, 80, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + F5 7C95DA9E 96 Bytes [ 98, EB, 05, 33, DB, 89, 55, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + 156 7C95DAFF 136 Bytes [ 45, DC, 0F, B7, 40, 02, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBits + 1DF 7C95DB88 46 Bytes [ 0F, 8C, 3E, FE, FF, FF, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + 16 7C95DC70 10 Bytes JMP 08916777
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + 21 7C95DC7B 14 Bytes [ CA, 83, E1, 03, F3, A4, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + 30 7C95DC8A 58 Bytes [ F3, 03, D9, 8B, 4D, B4, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + 6B 7C95DCC5 81 Bytes [ BC, 50, 89, 7D, BC, E8, 0E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindClearRuns + BD 7C95DD17 87 Bytes JMP 3E676824
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNumberOfSetBits + 4 7C95DF2C 83 Bytes [ 47, 0C, 79, 0A, 85, C0, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsClear + 1 7C95DF80 28 Bytes [ 7D, 08, 25, 10, 20, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsClear + 1E 7C95DF9D 27 Bytes [ 4E, 10, 89, 45, 0C, 81, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAreBitsClear + 3A 7C95DFB9 197 Bytes [ 0D, 83, E0, 04, 0D, 00, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindNextForwardRunClear + 7D 7C95E07F 138 Bytes CALL 8923DCEE
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindLastBackwardRunClear + E 7C95E10A 173 Bytes [ 4D, F4, 66, 81, C9, 00, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindLastBackwardRunClear + BC 7C95E1B8 47 Bytes JMP 708E6CBF
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMostSignificantBit + 1C 7C95E1E8 70 Bytes [ 75, F8, 6A, 00, FF, 75, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindMostSignificantBit + 63 7C95E22F 89 Bytes [ 5D, C2, 04, 00, 90, 48, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindLeastSignificantBit + 12 7C95E289 9 Bytes CALL 7C96F157 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindLeastSignificantBit + 1D 7C95E294 180 Bytes [ 00, 33, F6, 89, 75, D4, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFindSetBitsAndClear + 29 7C95E349 19 Bytes [ EB, 93, FF, 45, DC, E9, 67, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + A 7C95E35D 130 Bytes [ 8B, 00, 89, 45, CC, 33, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + 8D 7C95E3E0 52 Bytes [ 55, 8B, EC, 53, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + C2 7C95E415 10 Bytes [ F8, 08, 89, 45, 08, 74, 3C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + CE 7C95E421 105 Bytes [ 00, 8B, 40, 30, 8B, 40, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert2 + 138 7C95E48B 15 Bytes [ 64, 69, 66, 69, 65, 64, 20, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert + 17 7C95E578 57 Bytes [ 70, 04, 8D, 45, 08, 50, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlAssert + 51 7C95E5B2 43 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDebugPrintTimes + 1A 7C95E5DE 70 Bytes [ 00, 76, 07, B8, F0, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDebugPrintTimes + 61 7C95E625 47 Bytes [ 45, 0C, 50, 0F, B7, 06, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDebugPrintTimes + 91 7C95E655 77 Bytes [ 88, 1C, 01, 33, C0, 5E, 5F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimerQueueEx + 2A 7C95E6A3 194 Bytes [ 3D, FF, FF, 00, 00, 76, 07, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimerQueueEx + ED 7C95E766 21 Bytes [ 66, 89, 18, 66, 89, 58, 02, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteTimerQueueEx + 103 7C95E77C 112 Bytes [ 76, 07, B8, F0, 00, 00, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCancelTimer + 44 7C95E7ED 7 Bytes [ 74, 0D, FF, 76, 04, FF, 15 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + 3 7C95E7F5 6 Bytes [ 04, 91, 7C, 83, 66, 04 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + A 7C95E7FC 55 Bytes [ 8B, C3, EB, 02, 33, C0, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + 42 7C95E834 15 Bytes [ 79, 04, 0F, B7, 09, 3B, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + 52 7C95E844 35 Bytes [ C1, 80, 7D, 10, 00, 8D, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkFrameChain + 77 7C95E869 116 Bytes [ 75, 08, 88, 45, 10, E8, 2F, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + 7C 7C95E9E5 24 Bytes [ 00, 8B, 45, 10, 8B, 75, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + 95 7C95E9FE 1 Byte [ 09 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + 98 7C95EA01 33 Bytes [ 10, 8B, 5D, E4, 8B, 4D, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + BA 7C95EA23 28 Bytes [ 03, 83, FE, 02, 73, 05, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackContext + D7 7C95EA40 98 Bytes [ 4D, F8, 33, C0, 21, 45, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackBackTrace + 3A 7C95EAA3 67 Bytes [ 00, 00, 8B, 45, EC, 0F, BE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCaptureStackBackTrace + 7E 7C95EAE7 181 Bytes [ 3B, F8, C6, 45, 0F, 00, 88, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + 31 7C95EB9D 16 Bytes [ 65, F4, 00, 8D, 4E, F9, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + 42 7C95EBAE 9 Bytes [ 89, 4D, DC, 8D, 04, C5, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + 4C 7C95EBB8 12 Bytes [ 8B, 4D, F4, 3B, 4D, DC, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + 59 7C95EBC5 95 Bytes [ 33, DB, 8A, 5D, 0F, F7, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerToChar + BB 7C95EC27 1 Byte [ 8A ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateRegistryKey + 66 7C95F01E 1 Byte [ 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateRegistryKey + 68 7C95F020 21 Bytes [ 8B, 43, 04, 49, C1, E9, 05, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateRegistryKey + 7E 7C95F036 3 Bytes [ 3B, D6, 57 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + 1 7C95F03A 22 Bytes [ F9, 74, 32, 8B, C1, 83, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + 18 7C95F051 8 Bytes [ 75, 1C, 2B, 4D, 0C, 83, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + 21 7C95F05A 67 Bytes [ F9, 83, C2, 04, EB, 0B, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + 65 7C95F09E 88 Bytes [ 4D, 08, 8B, 0C, 8D, C0, F5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTimeZoneInformation + BE 7C95F0F7 87 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetTimeZoneInformation + 2E 7C95F18F 230 Bytes JMP 20EF8304
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetTimeZoneInformation + 116 7C95F277 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + 1 7C95F27B 29 Bytes [ EC, 8B, 45, 08, 33, D2, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + 1F 7C95F299 48 Bytes [ C8, 74, 12, 81, E1, FF, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + 50 7C95F2CA 76 Bytes [ 33, C9, 0B, CE, 8B, F2, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + 9D 7C95F317 33 Bytes [ 5D, C2, 08, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlProtectHeap + BF 7C95F339 125 Bytes [ 74, 0C, FF, 75, 0C, 56, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserFlagsHeap + 43 7C95F420 11 Bytes CALL 7C90EE5C C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserFlagsHeap + 4F 7C95F42C 4 Bytes [ FF, FF, 68, 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserFlagsHeap + 54 7C95F431 173 Bytes CALL 7C90EE4C C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetUserFlagsHeap + 102 7C95F4DF 130 Bytes [ 61, 6B, 20, 72, 65, 70, 65, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + 35 7C95F562 22 Bytes [ FF, 55, 8B, EC, 6A, 00, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + 4C 7C95F579 51 Bytes [ 5D, C2, 10, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + 80 7C95F5AD 34 Bytes [ 40, 30, 56, 6A, 00, FF, 70, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + A3 7C95F5D0 167 Bytes CALL 7C928FD8 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryTagHeap + 14B 7C95F678 2 Bytes [ 90, 8B ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + 31 7C95F6C2 15 Bytes [ F0, 09, 03, 64, A1, 18, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + 41 7C95F6D2 137 Bytes [ 45, 0C, 83, F8, FF, 75, 16, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + CB 7C95F75C 4 Bytes [ 00, 83, 7D, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + D0 7C95F761 18 Bytes [ 74, 10, FF, 75, 08, E8, E1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExtendHeap + E3 7C95F774 59 Bytes [ C6, 5E, 5B, 5F, C9, C2, 08, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + 8 7C95F8A1 3 Bytes [ 41, 00, FB ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + C 7C95F8A5 80 Bytes [ C2, 0C, 00, FF, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + 5D 7C95F8F6 2 Bytes [ D0, 3B ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + 60 7C95F8F9 47 Bytes [ E0, 73, 4B, 8B, 3B, 89, 7D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetProcessHeaps + 90 7C95F929 22 Bytes [ 45, 08, 8B, 4D, E4, 89, 34, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumProcessHeaps + 3D 7C95F98E 28 Bytes [ 00, 89, 7B, 08, 89, 45, F0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumProcessHeaps + 5A 7C95F9AB 77 Bytes [ 94, 47, 00, 00, 84, C0, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + 20 7C95F9F9 25 Bytes [ 45, F0, 03, C3, EB, 0A, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + 3A 7C95FA13 28 Bytes [ 01, 00, 76, 32, 3B, 7D, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + 57 7C95FA30 114 Bytes [ 45, F4, 89, 70, FC, 89, 38, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + CA 7C95FAA3 27 Bytes CALL 7C95F7EE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlWalkHeap + E6 7C95FABF 25 Bytes [ 8B, 45, 10, 74, 08, 83, 08, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryHeapInformation + 2 7C960265 24 Bytes CALL 7C90DFCE C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryHeapInformation + 1B 7C96027E 54 Bytes [ EC, 83, EC, 2C, 53, 8B, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlQueryHeapInformation + 52 7C9602B5 176 Bytes [ 66, 81, 7D, E4, 00, 10, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + 96 7C960366 3 Bytes [ B2, F3, 95 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + 9A 7C96036A 17 Bytes CALL 7C930B3F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + AC 7C96037C 9 Bytes [ 41, 50, 5B, 25, 77, 5A, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + B6 7C960386 35 Bytes [ 56, 69, 72, 74, 75, 61, 6C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateHeap + DA 7C9603AA 100 Bytes [ 5B, 25, 77, 5A, 5D, 3A, 20, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateProcessHeaps + B 7C9604FE 18 Bytes [ 74, 0E, 8B, 45, DC, FF, B0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateProcessHeaps + 1E 7C960511 103 Bytes [ FF, FF, FF, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateProcessHeaps + 86 7C960579 7 Bytes [ 75, 10, 50, 56, E8, 19, EE ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlValidateProcessHeaps + 8E 7C960581 43 Bytes JMP 7C96063F C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + D 7C9605AD 65 Bytes [ 4E, 3C, 3B, CB, 74, 37, 0F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + 4F 7C9605EF 29 Bytes [ 66, 85, C1, 74, 4F, 33, C1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + 6D 7C96060D 39 Bytes [ 04, 40, 8D, 04, 86, 89, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + 95 7C960635 70 Bytes [ 18, 89, 58, 04, 89, 58, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUsageHeap + DC 7C96067C 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetCompressionWorkSpaceSize + 4F 7C960B48 45 Bytes [ 02, 0F, 85, F2, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompressBuffer + 11 7C960B76 61 Bytes [ 00, F6, 47, 05, 10, 74, B2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCompressBuffer + 50 7C960BB5 47 Bytes JMP 7C960B32 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressBuffer + 4 7C960BE5 46 Bytes [ 48, 20, F6, 41, 05, 01, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressBuffer + 33 7C960C14 63 Bytes [ F5, 85, C0, 75, 09, C7, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + 7 7C960C54 5 Bytes [ 0F, 85, 78, 01, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + D 7C960C5A 58 Bytes [ F6, 47, 05, 01, 0F, 84, E5, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + 48 7C960C95 19 Bytes [ EB, 24, 80, 7F, 07, FF, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + 5C 7C960CA9 2 Bytes [ B0, 97 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDecompressFragment + 5F 7C960CAC 67 Bytes [ 33, C3, 0F, B7, 40, 10, EB, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeCrc32 + 37 7C960DE0 123 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeCrc32 + B3 7C960E5C 675 Bytes [ FF, 85, C0, 7D, 07, 33, C0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeCrc32 + 357 7C961100 220 Bytes [ 74, 02, 33, C0, 8B, BB, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlComputeCrc32 + 434 7C9611DD 23 Bytes [ 45, 08, 50, 6A, 00, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + 10 7C9611F5 4 Bytes [ 3B, 8B, 4D, 08 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + 15 7C9611FA 191 Bytes [ 4E, 08, 85, C9, 8B, 45, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + D5 7C9612BA 33 Bytes [ C3, 90, 90, 90, 90, 90, 68, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + F7 7C9612DC 127 Bytes [ 8B, 7D, 08, 8B, DF, 89, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateBootStatusDataFile + 177 7C96135C 41 Bytes [ EB, DF, 46, EB, D1, C6, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment 7C9613BD 38 Bytes [ 90, 8B, 45, EC, 8B, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment + 27 7C9613E4 95 Bytes [ 45, C8, 89, 01, 64, A1, 18, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment + 87 7C961444 31 Bytes [ 50, 8D, 45, DC, 50, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment + A7 7C961464 27 Bytes [ D4, 66, 89, 50, 04, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSetCurrentEnvironment + C3 7C961480 2 Bytes [ 62, E4 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlExitUserThread + 25 7C9614C0 76 Bytes [ BE, 03, 96, 7C, D1, 03, 96, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + 48 7C96150D 2 Bytes [ 56, C6 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + 4B 7C961510 3 Bytes [ FF, 01, 89 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + 4F 7C961514 110 Bytes CALL 7C960898 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + BF 7C961584 61 Bytes [ 8D, 45, F4, 50, 8D, 45, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFreeUserThreadStack + FD 7C9615C2 222 Bytes [ 00, 02, 69, 74, 17, F7, C1, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 1 7C9619B2 115 Bytes [ 43, 0A, 66, 89, 47, 0E, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 75 7C961A26 19 Bytes [ FF, FF, 89, 45, D8, EB, D1, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 89 7C961A3A 2 Bytes [ 4D, D4 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + 8C 7C961A3D 37 Bytes [ 01, 8B, 00, 89, 45, D8, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlCreateSystemVolumeInformationFolder + B2 7C961A63 43 Bytes [ 3F, 89, 7D, C4, 83, 27, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTimeToElapsedTimeFields + 48 7C961BF3 59 Bytes [ 83, F8, 01, 74, 26, A8, F0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSecondsSince1980ToTime + 1D 7C961C2F 25 Bytes [ 00, 76, EB, 96, 7C, DB, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSecondsSince1970ToTime 7C961C49 12 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSecondsSince1970ToTime + E 7C961C57 42 Bytes [ 25, FF, 00, 00, 00, 74, 32, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLocalTimeToSystemTime + 2 7C961C82 88 Bytes [ 75, 10, FF, 75, 0C, FF, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlSubtreeSuccessor + 1F 7C961CDB 209 Bytes [ B8, 5F, 02, 00, C0, C2, 14, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetElementGenericTable + 11 7C961DAD 335 Bytes [ EC, 8B, 45, 08, 33, C9, 39, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTable + D8 7C961EFD 285 Bytes CALL F49DE8A4
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlEnumerateGenericTable + 1F6 7C96201B 551 Bytes [ 0A, B1, 9E, 07, 7D, 44, 93, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetElementGenericTableAvl + B4 7C962243 4 Bytes [ 8D, 85, B4, FD ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGetElementGenericTableAvl + B9 7C962248 75 Bytes CALL 7C902293 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlNumberGenericTableElementsAvl + 30 7C962294 71 Bytes [ FF, C7, 85, C8, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTableAvl + B 7C9622DC 8 Bytes [ FF, 50, 6A, 01, 8D, 85, F7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInsertElementGenericTableAvl + 16 7C9622E7 42 Bytes [ 8D, 85, D4, FD, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + E 7C962312 31 Bytes CALL 7C91A738 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + 2E 7C962332 3 Bytes CALL 05962334
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + 32 7C962336 44 Bytes [ FF, 88, 9D, E4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + 5F 7C962363 6 Bytes [ F0, FF, B5, E8, FD, FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlDeleteElementGenericTableAvl + 66 7C96236A 4 Bytes CALL 7C90DFD0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLookupElementGenericTableAvl 7C96245D 94 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 2 7C9624BC 29 Bytes [ 5D, C2, 04, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 20 7C9624DA 27 Bytes CALL 7C90E7EF C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 3C 7C9624F6 23 Bytes [ 00, 50, FF, 75, 08, E8, E0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 54 7C96250E 249 Bytes [ 8D, 45, FC, 50, 8D, 45, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlFlushSecureMemoryCache + 14E 7C962608 59 Bytes [ F8, 85, FF, 7C, 2A, 8D, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 2 7C9627A9 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 4 7C9627AB 37 Bytes [ 45, C0, 89, 45, C4, 8D, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 2A 7C9627D1 3 Bytes [ 00, 8B, 4D ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 2E 7C9627D5 98 Bytes [ 8B, 75, C8, FF, 75, C8, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIsNameLegalDOS8Dot3 + 91 7C962838 16 Bytes [ 8C, 96, FE, FF, FF, 8D, 45, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 17 7C96293F 3 Bytes [ 75, B8, C7 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 1B 7C962943 5 Bytes [ C0, 40, 02, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 21 7C962949 2 Bytes [ 5D, BC ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 24 7C96294C 102 Bytes [ 75, C4, 89, 75, C8, E8, 2A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlGenerate8dot3Name + 8B 7C9629B3 30 Bytes [ 55, 8B, EC, 83, EC, 38, 53, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoteCall + 68 7C962DB0 4 Bytes [ 8B, 7D, 0C, 83 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoteCall + 6E 7C962DB6 2 Bytes [ 8D, 5F ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoteCall + 71 7C962DB9 198 Bytes [ 74, 5C, 3B, DA, 77, 58, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRemoteCall + 138 7C962E80 66 Bytes [ 55, 8B, EC, 8B, 4D, 08, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedFlushSList + 1B 7C962ED0 13 Bytes [ 51, 53, 56, 57, 8B, 7D, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedFlushSList + 29 7C962EDE 11 Bytes [ 05, 8B, 77, 08, EB, 03, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedFlushSList + 35 7C962EEA 126 Bytes [ 3A, CB, 75, 12, 56, E8, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInterlockedFlushSList + B4 7C962F69 72 Bytes [ FF, 55, 8B, EC, 8B, 4D, 0C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + 1B 7C962FB2 73 Bytes [ 05, 89, 48, 04, EB, 05, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + 65 7C962FFC 60 Bytes [ 85, C0, 75, 20, 8B, 3F, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + A2 7C963039 29 Bytes [ 89, 58, 04, EB, 03, 89, 58, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + C0 7C963057 25 Bytes [ C2, 08, 00, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlInitializeStackTraceDataBase + DA 7C963071 108 Bytes [ C1, 8B, 48, 08, 85, C9, 74, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 15 7C96317E 43 Bytes [ 33, C0, 39, 41, 18, 0F, 94, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 42 7C9631AB 1 Byte [ A7 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 46 7C9631AF 27 Bytes [ 8D, 53, 01, 3B, D7, 0F, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 62 7C9631CB 161 Bytes [ F7, 21, 4E, 14, 89, 46, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringA + 104 7C96326D 137 Bytes [ 40, 18, 5D, C2, 04, 00, 90, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExA + 84 7C963419 13 Bytes [ 57, FF, 55, 0C, 8B, D8, 81, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExA + 92 7C963427 25 Bytes CALL 7C91F32A C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExA + AC 7C963441 56 Bytes [ 4D, 1C, 89, 30, 8B, 47, 24, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringA 7C96347B 3 Bytes [ 90, 90, 90 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringA + 4 7C96347F 211 Bytes [ FF, 55, 8B, EC, 6A, 00, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4AddressToStringExA + 8A 7C963553 116 Bytes [ EC, 51, 80, 3D, A8, B0, 97, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 59 7C9635C8 21 Bytes [ 8B, 55, FC, 0F, B7, C2, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 6F 7C9635DE 10 Bytes [ 66, 8B, 04, 46, 8B, 15, BC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 7B 7C9635EA 168 Bytes [ CC, 66, 8B, 0C, 4A, 66, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 124 7C963693 161 Bytes [ 06, 8B, 4B, 04, 33, FF, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringW + 1C6 7C963735 17 Bytes [ FE, 02, 75, 08, 8B, 42, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + 2D 7C963804 106 Bytes [ 66, 8B, 0E, 66, 83, F9, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + 98 7C96386F 7 Bytes [ 07, 0F, 83, 9C, 00, 00, 00 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + A0 7C963877 57 Bytes [ 50, FF, 3B, DA, 0F, 84, 91, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + DA 7C9638B1 13 Bytes [ 04, C6, 45, ED, 01, 80, F9, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6AddressToStringExW + E8 7C9638BF 67 Bytes [ 75, 51, 85, DB, 74, 4D, 80, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + 39 7C963904 15 Bytes [ 28, FF, FF, FF, 8A, 45, ED, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + 49 7C963914 98 Bytes [ 5B, 8B, 4D, FC, 5F, 5E, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + AC 7C963977 24 Bytes [ 65, D8, 00, 66, 85, F6, 76, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + C5 7C963990 17 Bytes [ FF, 75, 0C, FF, 75, D0, EB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressA + D7 7C9639A2 1 Byte [ 45 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + 2B 7C963C15 114 Bytes [ D0, 8A, 4B, 03, 84, C9, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + 9E 7C963C88 3 Bytes [ 10, 74, 1B ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + A2 7C963C8C 79 Bytes [ 78, 04, 0F, B7, D2, D1, EA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + F2 7C963CDC 85 Bytes [ 74, 05, 6A, 02, 59, EB, 03, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExA + 148 7C963D32 7 Bytes [ FA, FF, 8B, C8, 64, A1, 18 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 2D 7C963E54 2 Bytes [ 50, 53 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 30 7C963E57 23 Bytes [ B5, 24, FD, FF, FF, E8, 2F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 48 7C963E6F 33 Bytes CALL 0A963E71
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 6A 7C963E91 30 Bytes [ 75, 0C, 57, FF, B5, 2C, FD, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv4StringToAddressExA + 89 7C963EB0 81 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + 8A 7C96404A 83 Bytes [ 00, 53, 8D, 45, FC, 50, 6A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + DE 7C96409E 27 Bytes [ 50, 6A, FF, 89, 5D, FC, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + FA 7C9640BA 49 Bytes [ 5E, 54, 80, 7E, 44, 00, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + 12C 7C9640EC 73 Bytes [ 83, C4, 0C, FF, 46, 60, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressW + 176 7C964136 29 Bytes [ EB, 02, 33, C0, 5D, C2, 04, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + F 7C9642CD 107 Bytes [ FA, 74, 14, 3B, 7D, 08, 74, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + 7B 7C964339 141 Bytes [ 90, 00, 00, 00, 00, 66, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + 109 7C9643C7 169 Bytes [ 00, 00, 66, 83, 7D, 10, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + 1B3 7C964471 120 Bytes [ CC, CC, CC, CC, CC, 90, 90, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlIpv6StringToAddressExW + 22C 7C9644EA 192 Bytes [ 74, 61, 85, DB, 74, 5D, 56, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 8A 7C9645AB 7 Bytes [ 66, 39, 56, 0C, 0F, 84, 8A ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 92 7C9645B3 240 Bytes [ 00, 00, 66, 8B, 4E, 08, 66, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 183 7C9646A4 61 Bytes [ 7D, 0C, 33, DB, 39, 55, F8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 1C1 7C9646E2 3 Bytes [ D5, 4D, FB ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlLargeIntegerDivide + 1C5 7C9646E6 68 Bytes [ 59, 59, 8D, 3C, 47, 66, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseStatus + 20 7C964788 9 Bytes [ 2E, 00, 25, 00, 75, 00, 2E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRaiseStatus + 2A 7C964792 86 Bytes [ 75, 00, 2E, 00, 25, 00, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandom + 52 7C9647E9 261 Bytes [ 5D, 18, 56, 8B, 75, 08, 85, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandom + 158 7C9648EF 33 Bytes [ 55, E4, 89, 55, F0, 75, 07, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandom + 17A 7C964911 91 Bytes JMP 7C964A87 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlRandom + 1D6 7C96496D 179 Bytes [ 7D, EC, 00, 0F, 87, 8E, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseEnumerate + 5F 7C964A21 35 Bytes [ 4D, F4, EB, 6B, 0F, BE, DB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseEnumerate + 83 7C964A45 27 Bytes CALL 068A8FD3
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 17 7C964A61 5 Bytes [ 00, 53, E8, 12, BA ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 1E 7C964A68 17 Bytes [ 85, C0, 59, 0F, 84, 93, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 31 7C964A7B 13 Bytes [ 33, C0, 40, C6, 45, 0B, 01, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 3F 7C964A89 29 Bytes [ 45, F8, 39, 45, F4, 74, 69, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseCreate + 5E 7C964AA8 9 Bytes [ 6A, 10, 50, FF, 75, E8, E8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseDestroy + 3B 7C964B77 118 Bytes [ 00, 00, 00, 77, 5D, 8B, 4D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseValidate + 15 7C964BEE 73 Bytes [ EC, 83, EC, 10, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + 15 7C964C38 23 Bytes [ 7D, 46, 8A, 1E, 0F, BE, FB, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + 2D 7C964C50 8 Bytes [ 85, C0, 59, 75, 5D, B8, 0D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + 36 7C964C59 97 Bytes [ C0, 5F, 5E, 5B, C9, C2, 10, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + 98 7C964CBB 22 Bytes [ 33, 01, 00, 00, 80, 7D, 0B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseFind + B0 7C964CD3 15 Bytes [ 46, 80, 3E, 30, C7, 45, F8, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + 12 7C964E29 219 Bytes [ 55, 8B, EC, 53, 56, 33, F6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + EE 7C964F05 75 Bytes [ 83, 7D, 0C, 10, 0F, 85, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + 13B 7C964F52 13 Bytes [ 00, 00, 77, 40, C1, 65, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + 149 7C964F60 11 Bytes [ 85, C0, 59, 74, 0F, 56, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlTraceDatabaseAdd + 155 7C964F6C 34 Bytes [ C0, 59, 74, 04, 6A, 61, EB, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + C 7C965035 5 Bytes [ 45, F4, 83, 7D, F8 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + 12 7C96503B 117 Bytes [ 0F, 87, 9C, 01, 00, 00, C6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + 88 7C9650B1 21 Bytes [ 00, 83, 7D, FC, 06, 0F, 87, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + 9E 7C9650C7 162 Bytes [ 00, 00, 66, 83, FE, 3A, 75, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter2 + 141 7C96516A 4 Bytes [ 62, 33, D2, 39 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter + 49 7C9659F8 66 Bytes [ 40, 04, 8B, 48, 04, 3B, 4E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter + 8C 7C965A3B 46 Bytes [ FF, FF, 5E, 8A, C3, 5B, 5D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlUnhandledExceptionFilter + BB 7C965A6A 98 Bytes CALL 7C9658D9 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + 1 7C965ACD 125 Bytes [ 45, 08, 89, 46, 34, 8B, 45, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + 7F 7C965B4B 37 Bytes CALL 7C965963 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + A5 7C965B71 37 Bytes CALL 7C965915 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + CB 7C965B97 105 Bytes [ 5E, 0F, 94, C0, 5B, C9, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!RtlpNtMakeTemporaryKey + 135 7C965C01 67 Bytes [ 01, EB, 03, 8B, 40, 18, 85, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isxdigit + 1B 7C96F495 122 Bytes [ 00, 00, 00, 75, E4, 96, 7C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!ispunct + 2B 7C96F510 21 Bytes [ 0D, 00, 00, C0, EB, 3B, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isalnum + E 7C96F526 4 Bytes [ FF, B6, 78, 05 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isalnum + 13 7C96F52B 10 Bytes CALL 7C901FFF C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isalnum + 1E 7C96F536 43 Bytes CALL 7C96D684 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isprint + 12 7C96F562 63 Bytes [ 89, 45, DC, 33, C0, 40, C3, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isgraph + 1B 7C96F5A3 20 Bytes CALL 7C9020E0 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!isgraph + 30 7C96F5B8 66 Bytes [ 94, E5, 96, 7C, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__toascii + 8 7C96F5FB 81 Bytes CALL 7C9141C5 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__iscsym + 2 7C96F64D 3 Bytes [ 89, 46, 34 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!__iscsym + 6 7C96F651 148 Bytes [ 4D, FC, FF, 8A, 45, E7, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_atoi64 + 55 7C96F6E6 68 Bytes [ 84, 13, 01, 00, 00, 8B, C2, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_atoi64 + 9A 7C96F72B 92 Bytes JMP 7C787840
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_ultoa + E 7C96F788 54 Bytes [ 00, 00, 00, 74, 0C, 0F, BE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_ultoa + 45 7C96F7BF 8 Bytes CALL 068F3D51
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_ultoa + 4E 7C96F7C8 203 Bytes CALL 146D1886
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_ultow + 1 7C96F894 262 Bytes [ C7, 0B, C1, 89, 45, EC, 8D, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_lfind + 12 7C96F99B 130 Bytes [ 53, 04, 8D, 0C, C7, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_snprintf + 4C 7C96FA1E 60 Bytes [ 00, C6, 46, 08, 08, 0F, B7, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 2B 7C96FA5B 30 Bytes [ 5F, 08, 53, FF, 75, FC, E8, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 4A 7C96FA7A 57 Bytes [ 18, 89, 06, 83, C0, F8, F6, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 84 7C96FAB4 171 Bytes [ 8B, 4C, C8, FC, 88, 4E, 08, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 130 7C96FB60 3 Bytes [ C7, 00, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_splitpath + 134 7C96FB64 15 Bytes [ 00, 00, EB, E0, B8, BB, 00, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strlwr + 6 7C96FB7E 44 Bytes [ 4D, 0C, 8B, 45, 10, 53, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strupr + 6 7C96FBAB 5 Bytes [ 08, 66, 89, 4D, 10 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strupr + C 7C96FBB1 21 Bytes [ 4D, 10, 81, E1, FF, 0F, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_strupr + 22 7C96FBC7 29 Bytes [ 74, 25, 8D, 45, 0C, 50, FF, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!tolower + 1 7C96FBE5 61 Bytes JMP 7C96FCB9 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_toupper + 4 7C96FC23 7 Bytes [ C8, 83, E1, 03, F3, A4, 03 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_toupper + C 7C96FC2B 9 Bytes [ 0C, 8B, 55, F8, 3B, 5D, FC, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnwprintf + 4 7C96FC35 38 Bytes [ 45, 14, 83, C0, FE, 3B, D0, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnwprintf + 2B 7C96FC5C 49 Bytes [ 74, 47, B9, 00, 10, 00, 00, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_vsnwprintf + 5D 7C96FC8E 36 Bytes [ 00, 83, C0, 03, 03, C2, 3B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wcsupr + C 7C96FCB3 156 Bytes [ C0, EB, 07, 2B, 5D, 08, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!_wtoi64 + 63 7C96FD50 58 Bytes [ 3B, F3, 89, 5D, F4, 73, BA, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!abs + 1 7C96FD8B 30 Bytes [ 4D, 0C, F6, 45, 11, 80, 89, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!fabs + B 7C96FDAA 14 Bytes [ 75, EC, FF, 75, 14, E8, 4F, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!fabs + 1A 7C96FDB9 114 Bytes JMP 7C96FE83 C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!fabs + 8D 7C96FE2C 1 Byte [ 01 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!fabs + 8F 7C96FE2E 82 Bytes [ 14, 29, 45, 0C, 74, 70, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!iswlower + F 7C96FE81 55 Bytes [ FF, 8B, 55, F4, 8B, 4D, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + A 7C96FEC7 34 Bytes [ 10, 83, 65, F8, 00, 53, 8B, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + 2D 7C96FEEA 1 Byte [ 18 ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + 2F 7C96FEEC 58 Bytes [ 8A, FF, 0F, 00, 00, 3B, CE, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + 6A 7C96FF27 110 Bytes [ 00, 8D, 46, 01, C7, 45, E4, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!sscanf + DA 7C96FF97 116 Bytes [ 00, 8B, 4D, 20, 3B, 4D, F0, ... ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strtol + 2 7C9700B4 1 Byte [ FF ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!strtol + 4 7C9700B6 153 Bytes [ 55, 14, 3B, 5D, 10, 73, 4C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!vsprintf + 4C 7C970150 94 Bytes [ 00, 5F, 5E, 5B, C9, C2, 1C, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcsspn + 4 7C9701AF 205 Bytes [ 55, 0C, 56, 8B, 75, 08, 8A, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + 84 7C97027D 5 Bytes [ 5D, 08, 40, 3B, 5A ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + 8A 7C970283 108 Bytes CALL B59F4813
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + F7 7C9702F0 35 Bytes [ 45, 0C, 46, 39, 5D, 0C, 72, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + 11B 7C970314 132 Bytes [ 03, 5F, 73, 02, 33, C0, 5E, ... ]
.text C:\WINDOWS\system32\services.exe[784] ntdll.dll!wcstombs + 1A0 7C970399 1 Byte [ 10 ]
.text ...
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\services.exe[784] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\services.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[784] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\lsass.exe[796] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[796] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99CF5 77F61820 4 Bytes [ 00, 00, 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99CFD 77F61828 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99D01 77F6182C 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99D05 77F61830 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + FFF99D09 77F61834 2 Bytes [ 00, 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathBuildRootW + 95 77F640D3 218 Bytes [ 50, 61, 74, 68, 47, 65, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathBuildRootW + 170 77F641AE 130 Bytes [ 50, 61, 74, 68, 49, 73, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathBuildRootW + 1F3 77F64231 390 Bytes [ 69, 76, 65, 41, 00, 50, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + 99 77F643B8 53 Bytes [ 50, 61, 74, 68, 51, 75, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + CF 77F643EE 19 Bytes [ 50, 61, 74, 68, 52, 65, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + E3 77F64402 15 Bytes [ 50, 61, 74, 68, 52, 65, 6D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + F3 77F64412 175 Bytes [ 50, 61, 74, 68, 52, 65, 6D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueW + 1A3 77F644C2 63 Bytes [ 50, 61, 74, 68, 52, 65, 6E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + 55 77F645DC 82 Bytes [ 50, 61, 74, 68, 55, 6E, 64, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + A8 77F6462F 135 Bytes [ 50, 61, 74, 68, 55, 6E, 71, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + 130 77F646B7 9 Bytes [ 53, 48, 43, 72, 65, 61, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + 13A 77F646C1 115 Bytes [ 72, 65, 61, 6D, 4F, 6E, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueW + 1AE 77F64735 50 Bytes [ 53, 48, 44, 65, 6C, 65, 74, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + 6D 77F64B1C 61 Bytes [ 61, 6C, 69, 64, 61, 74, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + AB 77F64B5A 46 Bytes [ 53, 48, 53, 65, 74, 56, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + DA 77F64B89 23 Bytes [ 53, 48, 55, 6E, 6C, 6F, 63, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + F2 77F64BA1 40 Bytes [ 53, 74, 72, 43, 53, 70, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderW + 11B 77F64BCA 11 Bytes [ 53, 74, 72, 43, 61, 74, 42, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrW + 93 77F66750 159 Bytes [ 09, 04, F9, EC, 8C, F3, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeW + 1E 77F667F0 13 Bytes [ 6F, 00, 6C, 00, 64, 00, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeW + 2C 77F667FE 175 Bytes [ 66, 00, 6F, 00, 54, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionW + 55 77F668AE 7 Bytes [ 76, 00, 69, 00, 6F, 00, 72 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionW + 5D 77F668B6 23 Bytes [ 00, 00, 4C, 00, 6F, 00, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionW + 75 77F668CE 31 Bytes [ 54, 00, 79, 00, 70, 00, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionW + 95 77F668EE 13 Bytes [ 6C, 00, 65, 00, 54, 00, 79, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionW + 9 77F668FC 13 Bytes [ 00, 00, 90, 90, 48, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionW + 17 77F6690A 5 Bytes [ 69, 00, 73, 00, 6B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionW + 1D 77F66910 3 Bytes [ 46, 00, 69 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionW + 21 77F66914 67 Bytes [ 6C, 00, 65, 00, 54, 00, 79, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 3F 77F66958 3 Bytes [ 48, 00, 69 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 43 77F6695C 29 Bytes [ 64, 00, 65, 00, 5A, 00, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 61 77F6697A 31 Bytes [ 70, 00, 65, 00, 72, 00, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 81 77F6699A 5 Bytes [ 74, 00, 65, 00, 64 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCW + 87 77F669A0 5 Bytes [ 48, 00, 61, 00, 6E ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffW + 7D 77F66BCD 14 Bytes [ 8D, CD, 00, 00, 85, C0, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberW + 27 77F66C01 19 Bytes [ 85, C0, 8D, 85, F4, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberW + 3B 77F66C15 62 Bytes [ 8B, F0, F7, DE, 1B, F6, 81, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberW + 7A 77F66C54 186 Bytes [ 85, F0, FD, FF, FF, 74, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHStrDupW + AC 77F66D0F 2 Bytes [ 68, 80 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHStrDupW + AF 77F66D12 32 Bytes [ F6, 77, 57, FF, D6, 8B, D8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufW + 4 77F66D33 75 Bytes [ 4D, F8, 89, 0D, C0, D6, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufW + 50 77F66D7F 81 Bytes [ 90, 43, 68, 61, 6E, 67, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufW + A2 77F66DD1 179 Bytes [ 65, 75, 65, 00, 8B, 35, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCW + 17 77F66E86 6 Bytes [ 8B, 4D, FC, 5F, 5E, E8 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddBackslashW 77F66E8D 1 Byte [ E1 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddBackslashW + 2 77F66E8F 148 Bytes [ FF, C9, C2, 04, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddBackslashW + 97 77F66F24 55 Bytes [ 89, 45, EC, 29, 5D, EC, EB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExW + 2E 77F66F5C 158 Bytes [ FF, FF, 85, C0, 8B, 45, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpICA + B 77F66FFB 56 Bytes CALL ED81C77E
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpICA + 44 77F67034 39 Bytes [ 45, D8, 83, 78, 14, 00, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpICA + 6C 77F6705C 32 Bytes [ 15, 6C, 10, F6, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 6 77F6707D 2 Bytes [ 7D, D0 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 9 77F67080 18 Bytes [ FF, 74, 2D, 33, F6, 39, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 1C 77F67093 35 Bytes [ 0F, 85, DB, 0F, 85, 9B, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 40 77F670B7 90 Bytes [ 27, 89, 02, 00, 39, 75, F0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameW + 9B 77F67112 104 Bytes [ 00, 00, 84, C0, 0F, 88, 38, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + 55 77F6717B 12 Bytes [ 0F, 84, D3, 03, 00, 00, A8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + 62 77F67188 32 Bytes [ 66, F7, 05, 78, D7, FC, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + 84 77F671AA 61 Bytes [ 80, EB, 36, 38, 1D, 7A, D7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + CF 77F671F5 24 Bytes [ 0F, 85, 59, 03, 00, 00, 3B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpW + E8 77F6720E 33 Bytes [ F9, 02, 0F, 85, 3E, 03, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRootW + B 77F67471 33 Bytes [ 77, 02, 62, F6, 77, 1D, 62, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRootW + 2D 77F67493 7 Bytes [ 63, F6, 77, 72, 63, F6, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRootW + 35 77F6749B 7 Bytes [ 63, F6, 77, A3, 63, F6, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRootW + 3D 77F674A3 39 Bytes [ 63, F6, 77, DD, 63, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBackslashW + C 77F674CB 393 Bytes [ 64, F6, 77, 54, 65, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + 48 77F67655 15 Bytes [ FF, 55, 8B, EC, 33, C0, 39, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + 58 77F67665 112 Bytes [ 55, 08, 56, 8B, 75, 10, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + C9 77F676D6 113 Bytes [ 74, 0A, 66, 3B, 4D, 0C, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + 13B 77F67748 8 Bytes [ 83, 6D, 08, 02, EB, EB, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerW + 146 77F67753 63 Bytes [ 8B, FF, 55, 8B, EC, FF, 75, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + 4 77F67885 6 Bytes [ 01, 66, 85, C0, 75, E4 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + B 77F6788C 41 Bytes [ D2, 8B, C2, 75, 02, 8B, C1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + 35 77F678B6 127 Bytes [ A1, 80, D2, FC, 77, 89, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + B5 77F67936 76 Bytes [ ED, 0F, B7, 01, 0F, B7, 0A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeW + 102 77F67983 64 Bytes [ 14, 74, 3E, 57, 66, 89, 06, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 17 77F679E0 16 Bytes [ 18, 33, FF, FF, 75, 14, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 28 77F679F1 11 Bytes [ D6, 3B, C7, 89, 45, FC, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 34 77F679FD 23 Bytes [ 8B, 45, FC, 5F, 5E, C9, C2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 4D 77F67A16 6 Bytes [ 83, 3D, 84, D2, FC, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineW + 54 77F67A1D 50 Bytes [ A1, 80, D2, FC, 77, 56, 8B, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAppendW + F8 77F67BC5 123 Bytes [ F0, 8B, 4D, FC, 8B, C6, 5E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveFileSpecW + 42 77F67C98 32 Bytes [ F3, A5, 8B, C8, 83, E1, 03, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveFileSpecW + A1 77F67CF7 6 Bytes [ 8B, FF, 55, 8B, EC, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveFileSpecW + A8 77F67CFE 147 Bytes [ 10, 33, C9, 33, C0, 39, 4A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFileExistsW + 9 77F67D92 1 Byte [ 75 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFileExistsW + B 77F67D94 14 Bytes [ 0F, 85, A3, 95, 00, 00, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFileExistsW + 1B 77F67DA4 5 Bytes [ 0C, E8, E8, FD, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFileExistsW + 21 77F67DAA 43 Bytes [ 8B, F0, 3B, F7, 0F, 87, EB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ChrCmpIW 77F67E0A 9 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ChrCmpIW + A 77F67E14 53 Bytes [ 00, 57, 74, 45, 8B, 7D, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrIW + A 77F67E4A 10 Bytes [ C0, 74, 07, 53, 83, C6, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrIW + 15 77F67E55 67 Bytes [ C6, 5E, 5B, 5F, 5D, C2, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + 1D 77F67E99 101 Bytes [ C0, 85, FF, 74, 36, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + 83 77F67EFF 10 Bytes [ 17, 66, 8B, 0E, 66, 85, C9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + 8E 77F67F0A 13 Bytes [ 0A, 42, 42, 46, 46, 4F, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + 9C 77F67F18 11 Bytes [ FF, 5E, 0F, 84, 81, AE, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIW + A8 77F67F24 4 Bytes [ 5F, 5D, C2, 10 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 62 77F68064 29 Bytes [ FF, 7F, 0F, 87, 78, 6B, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 80 77F68082 19 Bytes [ C2, 74, 26, 66, 8B, 0A, 66, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 94 77F68096 104 Bytes [ F9, 3A, 74, 15, 66, 83, F9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 177 77F68179 69 Bytes [ FC, 01, 00, 00, 00, EB, 52, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfA + 1BD 77F681BF 19 Bytes [ FF, 0F, C1, E7, 04, 03, FA, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + 24 77F682A0 22 Bytes [ EB, FE, FF, FF, 85, C0, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + 3B 77F682B7 55 Bytes [ 5F, 66, 89, 46, 06, 57, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + 73 77F682EF 21 Bytes [ 00, 8A, 45, 0C, 53, 88, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + 89 77F68305 85 Bytes [ 85, C0, 0F, 84, D8, A4, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfA + DF 77F6835B 90 Bytes [ FF, 85, C0, 0F, 84, 81, A4, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootW + E 77F68403 93 Bytes [ 20, 40, 40, 66, 39, 08, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootW + 6C 77F68461 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootW + 73 77F68468 58 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + E 77F684A3 20 Bytes [ 0F, 85, E5, A4, 01, 00, 33, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + 23 77F684B8 87 Bytes [ 00, 00, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + 7B 77F68510 27 Bytes [ 8B, 08, 66, 85, C9, 74, 0A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + 97 77F6852C 179 Bytes [ 55, 8B, EC, 8B, 4D, 08, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpLogicalW + 14B 77F685E0 48 Bytes [ 00, 7D, 1E, 8B, 75, 08, 8D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + 6 77F68B4F 66 Bytes CALL AA7A9A74
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + 4B 77F68B94 19 Bytes [ 6A, 02, 5A, 2B, C2, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + 5F 77F68BA8 16 Bytes [ 2B, C2, 0F, 84, AE, 85, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + 71 77F68BBA 121 Bytes [ 83, E0, 04, EB, A3, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyA + EC 77F68C35 2 Bytes [ EB, 07 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegOpenUSKeyW + 56 77F68CE0 92 Bytes [ 55, 10, 3B, D0, 74, 04, 2B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + 4B 77F68D3D 134 Bytes [ FF, FF, 7F, 0F, 87, 01, 79, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + D2 77F68DC4 54 Bytes [ FF, 55, 8B, EC, 83, 7D, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + 109 77F68DFB 3 Bytes [ 25, 80, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + 14F 77F68E41 2 Bytes [ FF, 55 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueW + 152 77F68E44 12 Bytes [ EC, 56, 8B, 75, 08, 85, F6, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueW + 4D 77F68EC2 58 Bytes [ EB, E0, 8B, C6, 5E, 5B, 5F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueW + 8A 77F68EFF 36 Bytes [ 4D, 6A, 01, FF, 15, D8, 11, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueW + CD 77F68F42 14 Bytes [ B5, F8, FD, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueW + F4 77F68F69 128 Bytes [ 4D, 08, 85, C9, 74, 0F, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 56 77F68FEA 13 Bytes [ 15, 44, 12, F6, 77, 8B, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 64 77F68FF8 27 Bytes [ FF, C9, C2, 1C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 80 77F69014 16 Bytes [ 4D, 0C, 8B, 4D, 0C, 56, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 91 77F69025 13 Bytes [ 7D, 08, 89, 75, D8, 89, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueW + 9F 77F69033 72 Bytes [ 00, 89, 45, E0, 0F, 88, 1D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + 6 77F691F7 6 Bytes [ 7D, D4, 00, 0F, 85, 7F ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + D 77F691FE 34 Bytes [ 02, 00, 85, C0, 0F, 8C, 5E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + 30 77F69221 77 Bytes [ 39, 75, D4, 0F, 85, E8, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + 7E 77F6926F 47 Bytes [ 55, 0C, 89, 0A, 5D, C2, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wvnsprintfW + AE 77F6929F 2 Bytes CALL C37AA1AB
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + 56 77F6943C 9 Bytes [ 68, 14, 77, F6, 77, 56, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + 60 77F69446 6 Bytes [ 85, FF, 0F, 8C, EB, F7 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + 67 77F6944D 25 Bytes JMP 77F93B83 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + 81 77F69467 41 Bytes [ FF, 75, 0C, 8B, 08, 50, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!wnsprintfW + AB 77F69491 198 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + 9 77F69768 47 Bytes [ 77, 73, 70, 49, 74, 69, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + 3A 77F69799 71 Bytes [ 97, 06, D1, 2E, 93, CF, 11, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + 82 77F697E1 45 Bytes [ EE, 44, 45, 53, 54, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + B0 77F6980F 97 Bytes [ 55, 8B, EC, 83, EC, 14, A1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueW + 112 77F69871 34 Bytes [ 0B, D8, 8B, 4D, FC, 5F, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + 2 77F69E6B 12 Bytes [ 5E, 5D, C2, 1C, 00, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + F 77F69E78 3 Bytes [ 8B, EC, 51 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + 14 77F69E7D 15 Bytes [ 8B, 7D, 18, 33, C0, 3B, F8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + 24 77F69E8D 92 Bytes [ 4D, 18, 8B, 4D, 10, 3B, C8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocCreate + 81 77F69EEA 79 Bytes [ FF, 85, C0, 74, 37, 83, 7D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 26 77F6A565 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 2B 77F6A56A 13 Bytes [ 90, 8B, FF, 55, 8B, EC, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 3A 77F6A579 9 Bytes [ 70, 08, 57, 8B, 38, 50, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 44 77F6A583 23 Bytes [ FF, 59, 53, FF, D7, 85, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDuplicateHKey + 60 77F6A59F 9 Bytes [ 8B, FF, 55, 8B, EC, F7, 45, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + 5D 77F6A60B 67 Bytes [ 45, 0C, 89, 46, 04, 8B, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + A2 77F6A650 1 Byte [ 8C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + A6 77F6A654 7 Bytes [ 5F, 33, C0, 40, 85, DB, 0F ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + AE 77F6A65C 18 Bytes [ 0A, C0, 02, 00, 5B, 5D, C2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyW + C1 77F6A66F 194 Bytes [ FF, BE, 30, D4, FC, 77, 39, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntW + 20 77F6AF94 73 Bytes [ 00, 68, 98, 00, 00, 00, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesW + 1F 77F6AFDE 5 Bytes [ 5B, 5D, C2, 0C, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesW + 25 77F6AFE4 33 Bytes [ DD, D0, 16, 90, 41, 7C, CC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrW + 19 77F6B077 55 Bytes [ 83, C1, 0C, 39, 75, 10, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathParseIconLocationW + 12 77F6B0AF 107 Bytes CALL 7860C128
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathParseIconLocationW + 7E 77F6B11B 25 Bytes [ CB, 07, F4, C4, 5B, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 15 77F6B135 56 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 4F 77F6B16F 6 Bytes [ 0C, 51, 50, E8, 25, C5 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 56 77F6B176 6 Bytes [ FF, 8D, 4E, F0, 8B, 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 5D 77F6B17D 22 Bytes [ 50, 20, 5E, 5D, C2, 08, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyW + 77 77F6B197 105 Bytes [ 90, 83, 6C, 24, 04, 10, E9, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHUnlockShared 77F6B53E 45 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHFreeShared + 13 77F6B56C 17 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHFreeShared + 7A 77F6B5D3 40 Bytes [ F0, 85, F6, 7C, 3D, 8B, 55, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + C 77F6B5FD 25 Bytes [ 14, 8B, 08, FF, 75, 0C, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + 26 77F6B617 17 Bytes [ C6, 5E, C9, C2, 14, 00, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + 38 77F6B629 174 Bytes [ 57, 8B, 7D, 08, 33, C0, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + E7 77F6B6D8 101 Bytes [ 00, 00, 8B, F8, 85, FF, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAllocShared + 14E 77F6B73F 14 Bytes [ 8B, 4D, 1C, 89, 01, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + 15 77F6B8AE 114 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + 88 77F6B921 9 Bytes [ FF, 00, 01, 00, 00, E8, 5C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + 92 77F6B92B 17 Bytes [ 83, 26, 00, 85, C0, 0F, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + A5 77F6B93E 3 Bytes [ 85, A8, AA ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileW + AA 77F6B943 43 Bytes [ 85, DB, 75, 0D, 66, 39, 85, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + 9 77F6BB9A 47 Bytes [ C4, 10, 85, C0, 7C, 13, 3B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + 39 77F6BBCA 63 Bytes [ 68, 2C, 01, 00, 00, 50, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + 79 77F6BC0A 47 Bytes [ 00, 00, B8, 18, AC, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + A9 77F6BC3A 11 Bytes [ 74, 00, 5C, 00, 57, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLW + B5 77F6BC46 11 Bytes [ 6F, 00, 77, 00, 73, 00, 5C, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + A 77F6BCB6 116 Bytes [ 73, 00, 65, 00, 73, 00, 5C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + 7F 77F6BD2B 5 Bytes [ A1, 80, D2, FC, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + 85 77F6BD31 35 Bytes [ 4D, 1C, 53, 8B, 5D, 14, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + A9 77F6BD55 95 Bytes [ FE, FF, FF, C7, 85, F8, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsW + 109 77F6BDB5 25 Bytes [ 85, F8, FE, FF, FF, 5F, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + A 77F6BEB8 25 Bytes [ 4E, 00, 61, 00, 6D, 00, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + 24 77F6BED2 41 Bytes [ 75, 14, 8B, 7D, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + 4E 77F6BEFC 72 Bytes [ 51, 6A, 02, 68, 18, AF, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + 97 77F6BF45 26 Bytes [ FF, 00, 00, 0D, 00, 00, 07, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLoadIndirectString + B2 77F6BF60 34 Bytes [ 75, 14, 8B, 76, 08, 8B, 06, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 4 77F6C1A0 13 Bytes [ 45, 0C, 66, 83, 38, 40, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 12 77F6C1AE 27 Bytes [ 43, 02, 00, 00, 68, 74, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 2E 77F6C1CA 59 Bytes [ FF, 55, 8B, EC, 81, EC, 64, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 6A 77F6C206 14 Bytes [ 00, 68, 05, 00, 00, 41, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindFileNameA + 79 77F6C215 5 Bytes [ B5, A0, F6, FF, FF ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 27 77F6CCBC 93 Bytes [ 89, 45, FC, 8B, 45, 08, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 85 77F6CD1A 150 Bytes [ 75, 10, FF, 75, 0C, FF, 70, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 11C 77F6CDB1 23 Bytes [ FF, 51, 24, 8B, D8, 3B, DE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 134 77F6CDC9 68 Bytes [ FF, 51, 14, 85, C0, 8B, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartW + 179 77F6CE0E 52 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetValueA + 2F 77F70059 193 Bytes [ 79, 6D, 46, 75, 6E, 63, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetValueA + 58 77F7011B 270 Bytes [ 77, 77, 82, FC, 77, 50, F4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 3F 77F7022A 28 Bytes [ 69, 6C, 44, 72, 61, 77, 42, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 5C 77F70247 22 Bytes [ 79, 6C, 65, 00, 90, 53, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 73 77F7025E 21 Bytes [ 90, 90, 53, 65, 74, 47, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 89 77F70274 14 Bytes [ 61, 64, 67, 65, 74, 50, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryValueExA + 98 77F70283 33 Bytes [ 47, 61, 64, 67, 65, 74, 4D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrA + 74 77F70374 216 Bytes [ 47, 65, 74, 47, 61, 64, 67, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrA + 14D 77F7044D 54 Bytes [ 90, 90, 90, 42, 75, 69, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrA + 184 77F70484 14 Bytes [ 41, 75, 74, 6F, 54, 72, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatW + D 77F70493 319 Bytes [ 61, 63, 68, 57, 6E, 64, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddBackslashA + 86 77F705D3 199 Bytes [ 61, 63, 68, 00, 90, 44, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 4E 77F7069B 17 Bytes [ 90, 44, 6E, 73, 4E, 61, 6D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryInfoUSKeyW + 60 77F706AD 251 Bytes [ 90, 90, 90, 44, 6E, 73, 4E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 3 77F707A9 632 Bytes [ 49, 50, 72, 6F, 6D, 70, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 27C 77F70A22 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 27E 77F70A24 5 Bytes [ E0, 83, FC, 77, 82 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 284 77F70A2A 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNIA + 286 77F70A2C 5 Bytes [ 74, 7E, FC, 77, 83 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + 14 77F710B7 23 Bytes [ 00, 65, 00, 41, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + 2C 77F710CF 61 Bytes [ 75, 14, 68, FF, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + 6A 77F7110D 138 Bytes [ 33, DB, 8B, 7D, 14, 85, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + F5 77F71198 20 Bytes [ 80, 38, 00, 0F, 84, D1, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocGetPerceivedType + 10A 77F711AD 63 Bytes [ 15, AC, 10, F6, 77, 8B, F0, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette 77F71940 111 Bytes [ B8, 08, D2, FC, 77, EB, D7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette + 70 77F719B0 119 Bytes [ 14, 8B, 75, 08, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette + E8 77F71A28 44 Bytes [ 2E, 00, 73, 00, 63, 00, 72, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette + 115 77F71A55 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateShellPalette + 118 77F71A58 115 Bytes [ 2E, 00, 65, 00, 78, 00, 65, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2W + DC 77F72596 2 Bytes [ B4, 9C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2W + E0 77F7259A 16 Bytes [ 6A, 00, 68, AC, 15, F7, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2W + F1 77F725AB 3 Bytes [ C3, 2A, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2W + F5 77F725AF 119 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrW + 14 77F72627 7 Bytes [ 89, 75, C0, 89, 4D, CC, AB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrW + 1C 77F7262F 50 Bytes [ 4D, D4, 89, 4D, D8, 89, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrW + 4F 77F72662 13 Bytes [ 7D, 81, E2, FF, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrW + 5E 77F72671 123 Bytes [ 33, DB, 3B, C1, 0F, 85, A8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + 59 77F726ED 6 Bytes [ 85, FF, 74, 7A, E9, 88 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + 60 77F726F4 50 Bytes [ 00, 00, 57, FF, 15, 70, 13, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + 93 77F72727 1 Byte [ FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + 95 77F72729 33 Bytes [ BB, 88, D3, FC, 77, 53, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetThreadRef + B7 77F7274B 3 Bytes [ 89, 3E, 53 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecW + 21 77F72847 18 Bytes [ C0, 59, 0F, 84, FD, 5A, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecW + 34 77F7285A 104 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecW + 9D 77F728C3 67 Bytes [ 77, 31, 9B, F6, 77, 40, AA, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecW + E1 77F72907 112 Bytes [ C3, 46, 00, 6F, 00, 6C, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 1A 77F72978 68 Bytes [ 00, 00, 00, 3B, F3, 74, 7F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 5F 77F729BD 9 Bytes [ 21, 8B, 35, 04, 11, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 69 77F729C7 18 Bytes [ FC, FF, FF, 50, 6A, 0A, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 7C 77F729DA 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecW + 7E 77F729DC 44 Bytes [ 57, FF, D6, 8D, 85, FC, FB, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + 54 77F72F3B 70 Bytes [ 00, 30, 21, F7, 77, 28, 21, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + 9C 77F72F83 5 Bytes [ 00, CC, 21, F7, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + A2 77F72F89 64 Bytes [ 00, 00, 00, 10, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + E3 77F72FCA 28 Bytes [ 00, 00, A4, 20, F7, 77, 8C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimW + 101 77F72FE8 53 Bytes [ 64, 20, F7, 77, 00, 02, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 1D 77F7387A 100 Bytes [ 66, 8B, 06, 66, 3B, C7, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 82 77F738DF 27 Bytes [ 85, C0, 7C, 17, 57, 6A, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 9E 77F738FB 182 Bytes [ 75, E4, 8B, 03, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 155 77F739B2 27 Bytes [ 65, 00, 78, 00, 65, 00, 63, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIW + 171 77F739CE 1 Byte [ 65 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + 11 77F73CA4 57 Bytes [ 72, 00, 00, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + 4C 77F73CDF 76 Bytes [ 89, 45, FC, EB, 2F, 6A, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + 99 77F73D2C 20 Bytes [ 63, 00, 00, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + AE 77F73D41 22 Bytes [ 74, 03, 83, 0F, FF, 8B, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocIsDangerous + C5 77F73D58 58 Bytes [ FF, 66, 83, 38, 00, 0F, 84, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetArgsW + 35 77F74206 21 Bytes [ 00, 00, 85, C0, 0F, 84, D5, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 11 77F7421C 65 Bytes [ 55, 8B, EC, 81, EC, 0C, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 53 77F7425E 12 Bytes [ 4D, FC, F7, D8, 1B, C0, 5F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 60 77F7426B 19 Bytes [ FF, C9, C2, 04, 00, 56, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 74 77F7427F 14 Bytes [ 90, 90, 90, 90, 90, B8, 80, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsW + 83 77F7428E 47 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + 86 77F74392 92 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + E3 77F743EF 70 Bytes [ D2, FC, 77, 8D, 85, EC, FD, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + 12A 77F74436 45 Bytes [ FF, 50, 6A, 01, FF, B5, F0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + 158 77F74464 25 Bytes [ A1, 80, D2, FC, 77, 89, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixW + 172 77F7447E 1 Byte [ 75 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrA + 58 77F74F3E 177 Bytes [ C7, 45, FC, 02, 00, 07, 80, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueW + 73 77F74FF0 225 Bytes CALL 586F4730
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegEnumUSKeyW + 71 77F750D2 33 Bytes [ FF, 75, 24, FF, 75, 20, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + 5 77F750FD 5 Bytes [ 51, 51, 83, 7D, 08 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + B 77F75103 26 Bytes [ 57, BF, 57, 00, 07, 80, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + 26 77F7511E 10 Bytes [ 28, 50, BE, 14, 77, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + 31 77F75129 82 Bytes [ 00, 00, 8B, F8, 85, FF, 7C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumKeyExW + 84 77F7517C 12 Bytes [ 75, 1C, FF, 75, 08, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + 4 77F75192 16 Bytes [ 45, 28, 8B, 08, 50, FF, 51, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + 15 77F751A3 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + 1B 77F751A9 151 Bytes [ FF, 55, 8B, EC, A1, 00, D8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + B3 77F75241 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryUSValueA + BA 77F75248 118 Bytes [ 55, 8B, EC, 81, EC, 1C, 02, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + 18 77F75303 108 Bytes [ C9, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + 85 77F75370 20 Bytes [ 89, 48, 08, 89, 48, 14, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + 9A 77F75385 88 Bytes [ 48, 30, 89, 48, 34, 5E, 5D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + F3 77F753DE 53 Bytes [ 83, 61, 08, 00, 83, 61, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAddExtensionW + 129 77F75414 7 Bytes [ FF, 55, 8B, EC, 53, 56, 57 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW 77F758A5 61 Bytes [ 6A, 00, 6A, 23, 6A, 3F, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW + 4D 77F758F2 13 Bytes [ 83, 7D, FC, 00, 0F, 84, 4E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW + 6F 77F75914 29 Bytes [ 33, C0, 40, EB, C6, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW + 8D 77F75932 26 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceW + A8 77F7594D 61 Bytes CALL 387C6859
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 1C 77F7668C 5 Bytes [ 00, 00, 00, 00, 26 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 22 77F76692 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 31 77F766A1 36 Bytes [ 56, 57, 58, 00, 13, 59, 59, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 58 77F766C8 65 Bytes [ 00, 00, 5F, 00, 60, 06, 44, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineA + 9B 77F7670B 255 Bytes [ 00, 00, 00, 00, 7B, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCanonicalizeA + 33 77F76858 153 Bytes [ 00, 00, 00, 00, 71, CA, CB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + 57 77F768F2 12 Bytes [ 3F, FC, FF, FF, FF, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + 64 77F768FF 28 Bytes [ 00, 40, D7, FF, FF, FB, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + 81 77F7691C 22 Bytes [ 9F, 19, FF, FF, FF, CF, 3F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + 98 77F76933 13 Bytes [ 00, FF, 07, 07, 00, FE, 07, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSetValueA + A6 77F76941 8 Bytes [ 7F, 2F, 00, E0, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 12 77F76A47 45 Bytes [ 00, 00, 00, 04, 00, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 40 77F76A75 10 Bytes [ 00, D0, FF, 0E, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 4B 77F76A80 1 Byte [ 3C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 4D 77F76A82 1 Byte [ 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntA + 4F 77F76A84 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 5 77F76F99 46 Bytes [ 30, 8B, 45, 0C, 89, 45, D4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 34 77F76FC8 3 Bytes [ 8D, FD, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 3A 77F76FCE 1 Byte [ 14 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 46 77F76FDA 84 Bytes [ 8B, 45, 08, 85, C0, 56, BE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyW + 9B 77F7702F 7 Bytes [ 3F, 00, 75, 13, 83, 7E, 40 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetMenuPosFromID + 32 77F772EB 6 Bytes [ 90, 42, 00, 61, 00, 67 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetMenuPosFromID + 39 77F772F2 1 Byte [ 73 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetMenuPosFromID + 3B 77F772F4 58 Bytes [ 5C, 00, 41, 00, 6C, 00, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetMenuPosFromID + 76 77F7732F 119 Bytes [ 55, 8B, EC, 81, EC, 5C, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 21 77F773C7 22 Bytes CALL 77F8185F C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 38 77F773DE 29 Bytes [ 15, 70, D1, FC, 77, 8B, F0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 56 77F773FC 23 Bytes [ FF, FF, FF, B5, 74, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 6E 77F77414 21 Bytes [ 0F, 84, 55, F7, 01, 00, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThread + 85 77F7742B 4 Bytes [ FF, 8B, 08, 50 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + B 77F77692 31 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + 2B 77F776B2 21 Bytes [ 85, C8, FB, FF, FF, 8B, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + 41 77F776C8 11 Bytes [ 20, 85, DE, 57, 8B, 7D, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + 4D 77F776D4 5 Bytes [ FF, 74, 0A, F7, C3 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyW + 55 77F776DC 8 Bytes [ 04, 74, 02, 33, DE, 8D, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 3B 77F7772A 20 Bytes [ 81, A5, C8, FB, FF, FF, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 50 77F7773F 17 Bytes [ B5, 90, FE, FF, FF, 8D, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 62 77F77751 42 Bytes [ FF, B5, 1C, FF, FF, FF, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 8D 77F7777C 120 Bytes [ 50, 8D, 85, A4, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegCreateUSKeyA + 10B 77F777FA 69 Bytes [ 8B, 4D, FC, 5F, 8B, C6, 5E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + D 77F77CCD 35 Bytes [ 50, 68, 01, 00, 00, 80, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + 6B 77F77D2B 14 Bytes [ FF, 51, 6A, 00, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + 7A 77F77D3A 48 Bytes [ FF, FF, FF, A0, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + B3 77F77D73 26 Bytes [ F8, 85, FF, 7C, 2A, 68, B4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateThreadRef + CE 77F77D8E 82 Bytes [ 8D, 85, 5C, FF, FF, FF, 50, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyA + 131 77F78642 41 Bytes [ 8B, 45, FC, 89, 45, 08, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteKeyA + 18C 77F7869D 83 Bytes [ 7D, 14, 33, C9, 51, 51, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + 12 77F786F1 18 Bytes [ 55, 8B, EC, 81, EC, 18, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + 25 77F78704 70 Bytes [ 8B, 75, 10, 57, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + 6C 77F7874B 114 Bytes [ FF, 0F, 84, 1B, 07, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + E0 77F787BF 44 Bytes [ 00, 80, 83, BD, F8, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindOnPathW + 10D 77F787EC 27 Bytes [ B3, 10, 01, 00, 00, 8D, 43, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueW + 7 77F78A92 33 Bytes [ FF, FF, 85, C0, 0F, 85, 1E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueW + 29 77F78AB4 162 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorRGBToHLS + 80 77F78B57 21 Bytes [ 10, F6, 77, 8B, 45, FC, 5F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorRGBToHLS + 96 77F78B6D 104 Bytes [ EC, 83, EC, 50, A1, 80, D2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + 54 77F78BD6 51 Bytes [ 45, 08, 8B, 08, 0F, 84, F3, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + 88 77F78C0A 71 Bytes [ 08, 57, FF, 76, 04, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + D0 77F78C52 7 Bytes [ FF, 75, 0C, FF, 75, 08, 68 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + 10A 77F78C8C 26 Bytes [ 75, 08, FF, 35, 78, D6, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorHLSToRGB + 125 77F78CA7 28 Bytes [ 80, 5D, C2, 04, 00, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCA + 1B 77F78F50 36 Bytes [ A1, 80, D2, FC, 77, 57, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCA + 40 77F78F75 8 Bytes [ 00, 00, FF, 15, EC, 13, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCA + 49 77F78F7E 8 Bytes [ 4D, FC, 33, C0, 83, BD, 78, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCA + 52 77F78F87 170 Bytes [ FF, 02, 5F, 0F, 94, C0, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeA + 47 77F79032 5 Bytes [ 0F, 87, 00, C9, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeA + 92 77F7907D 34 Bytes [ 00, 50, 56, FF, 75, 10, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeA + B7 77F790A2 36 Bytes [ EB, F8, 25, 00, 64, 00, 78, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCanonicalizeA + DC 77F790C7 91 Bytes [ 85, C0, 0F, 84, C9, D7, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAppendA + 27 77F79123 25 Bytes [ D6, 3B, C3, A3, 8C, D8, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathAppendA + 41 77F7913D 71 Bytes [ D8, FC, 77, 0F, 84, 17, D7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineA + 45 77F79185 20 Bytes [ 68, D0, 81, F7, 77, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineA + 5A 77F7919A 193 Bytes [ 68, BC, 81, F7, 77, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCombineA + 11C 77F7925C 57 Bytes [ 74, 2E, 8B, 75, 10, 85, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + 37 77F79298 6 Bytes [ 8B, FF, 55, 8B, EC, 81 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + 3E 77F7929F 130 Bytes [ 10, 02, 00, 00, A1, 80, D2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + C1 77F79322 2 Bytes [ 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + C4 77F79325 34 Bytes [ C0, 7C, 22, 53, 68, 74, 7E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsRelativeA + E7 77F79348 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 17 77F7A1BD 7 Bytes [ FF, D3, 8D, 85, F8, FE, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 1F 77F7A1C5 5 Bytes [ 50, E8, 82, 73, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 25 77F7A1CB 11 Bytes [ 85, C0, 89, 85, EC, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 31 77F7A1D7 1 Byte [ FC ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileEx + 33 77F7A1D9 19 Bytes [ 2B, F8, FF, 15, 6C, 14, F6, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringW + 7A 77F7A808 4 Bytes [ 75, 08, E8, 09 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringW + 7F 77F7A80D 39 Bytes [ 00, 00, 5D, C2, 10, 00, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringW + A7 77F7A835 80 Bytes [ 75, 08, 89, 45, FC, 8B, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 34 77F7A886 21 Bytes [ 47, 83, 7D, E4, FF, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 5B 77F7A8AD 42 Bytes [ 06, 2D, 00, 46, 46, FF, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 139 77F7A98B 11 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 145 77F7A997 22 Bytes [ 8B, 4D, 08, C7, 00, 9C, 96, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetUSValueA + 15C 77F7A9AE 6 Bytes [ 89, 48, 0C, 5D, C2, 04 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 55 77F7AA27 16 Bytes [ 10, 8B, F8, 8B, 06, 56, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 66 77F7AA38 39 Bytes [ 33, F6, EB, C6, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 8E 77F7AA60 116 Bytes [ F8, 7F, 23, DE, BA, 05, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 103 77F7AAD5 10 Bytes [ 75, 08, 6A, 05, FF, 71, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrA + 10E 77F7AAE0 7 Bytes [ 48, 01, 00, 00, E9, 79, 1C ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW 77F7AAED 63 Bytes [ 90, 8B, FF, 55, 8B, EC, 81, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW + 4C 77F7AB39 4 Bytes [ 02, 00, E9, 44 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW + 51 77F7AB3E 25 Bytes [ FF, FF, 56, 51, 56, 53, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW + 6B 77F7AB58 30 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathW + 8C 77F7AB79 46 Bytes [ 5D, C2, 04, 00, 90, 90, 90, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + 33 77F7AE8C 14 Bytes [ 52, 00, 55, 00, 00, 00, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + 42 77F7AE9B 11 Bytes [ EC, 51, 8D, 45, FC, 50, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + 4E 77F7AEA7 111 Bytes [ 68, CC, 9E, F7, 77, 6A, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + BE 77F7AF17 45 Bytes [ 51, 89, 45, FC, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryW + EC 77F7AF45 38 Bytes [ B5, EC, FD, FF, FF, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 11 77F7B095 57 Bytes [ 10, 00, 00, 3B, F7, 76, 35, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 4C 77F7B0D0 34 Bytes [ 00, 8B, 75, 10, 85, F6, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 6F 77F7B0F3 215 Bytes [ 73, 08, FF, 15, 94, 13, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 147 77F7B1CB 173 Bytes [ FF, 3B, C6, 7C, 6A, 53, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStream2A + 1F6 77F7B27A 56 Bytes [ 74, 4F, F6, 45, 10, 01, 0F, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 16 77F7B684 25 Bytes [ 85, C0, 0F, 85, AE, DE, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 30 77F7B69E 4 Bytes JMP 77F905F5 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 35 77F7B6A3 24 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 61 77F7B6CF 15 Bytes [ 00, 00, 0F, B7, C0, 5E, C9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetViewStatePropertyBag + 71 77F7B6DF 22 Bytes [ FF, 55, 8B, EC, 81, EC, 34, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExW + 7E 77F7BBAE 65 Bytes [ F7, 77, C3, AC, F7, 77, 33, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExW + C0 77F7BBF0 22 Bytes [ A1, 80, D2, FC, 77, 53, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExW + D7 77F7BC07 9 Bytes [ 68, 04, 01, 00, 00, 8D, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 55 77F7BC71 10 Bytes [ FF, 55, 8B, EC, FF, 75, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 60 77F7BC7C 41 Bytes [ 75, 08, 68, A4, AC, F7, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 8A 77F7BCA6 102 Bytes [ 70, 00, 70, 00, 6C, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 103 77F7BD1F 7 Bytes [ FF, FF, F7, DA, E9, 8C, 02 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamA + 10B 77F7BD27 3 Bytes [ FF, 41, 41 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentW + 1B 77F7BEF4 65 Bytes [ 55, 8B, EC, 56, 57, 6A, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + 15 77F7BF36 18 Bytes [ C6, 5F, 5E, 5D, C2, 18, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + 28 77F7BF49 36 Bytes [ 85, ED, E2, FE, FF, 66, 39, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + 4D 77F7BF6E 47 Bytes [ 3B, CA, 0F, 84, E2, E2, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + 7D 77F7BF9E 35 Bytes [ 56, 00, 61, 00, 72, 00, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToW + A1 77F7BFC2 1 Byte [ 61 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeW + 8C 77F7C272 14 Bytes [ 56, 8B, F1, 8B, 46, 08, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeW + 9B 77F7C281 24 Bytes [ 75, 08, 6A, 40, FF, 15, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 14 77F7C29B 1 Byte [ 04 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 16 77F7C29D 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 1D 77F7C2A4 24 Bytes [ 55, 8B, EC, 8B, 45, 14, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 36 77F7C2BD 40 Bytes [ 89, 41, 14, 8B, 4D, 18, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHLockShared + 5F 77F7C2E6 113 Bytes [ 10, 00, 00, 50, 8B, CB, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 17 77F7C358 26 Bytes [ 8B, 45, 14, 85, C0, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 32 77F7C373 11 Bytes [ 76, 1C, FF, 15, 00, 10, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 3F 77F7C380 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 5B 77F7C39C 38 Bytes [ 8B, 4E, 08, 52, 51, 8D, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteValueW + 82 77F7C3C3 70 Bytes [ 15, 74, 14, F6, 77, 83, F8, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW 77F7C4AB 6 Bytes [ 90, 90, 8B, FF, 55, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW + 7 77F7C4B2 40 Bytes [ FF, 75, 10, FF, 75, 0C, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW + 31 77F7C4DC 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW + 35 77F7C4E0 1 Byte [ 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeW + 38 77F7C4E3 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathW + A 77F7D3BC 26 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathW + 25 77F7D3D7 55 Bytes [ 77, 89, 45, FC, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathW + 5D 77F7D40F 14 Bytes [ 77, 6A, 01, 8B, CE, E8, 24, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathW + 6C 77F7D41E 129 Bytes [ 75, 10, 8B, 46, 38, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueA + 11 77F7D4A0 11 Bytes [ C6, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueA + 1D 77F7D4AC 33 Bytes [ FF, 55, 8B, EC, 81, EC, 9C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueA + 3F 77F7D4CE 65 Bytes [ 00, 8B, 55, 0C, 85, D2, 7F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetBoolUSValueA + 81 77F7D510 74 Bytes [ FF, FF, 83, BD, 68, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumValueW + B 77F7D55C 64 Bytes CALL D1CA086B
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumValueW + 79 77F7D5CA 51 Bytes [ FF, FF, 50, 8B, 85, 68, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumValueW + AD 77F7D5FE 6 Bytes [ 4D, FC, 8B, 85, 64, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHEnumValueW + BA 77F7D60B 256 Bytes [ C9, C2, 10, 00, 90, 03, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + CD 77F7D70C 127 Bytes [ 79, FE, FF, C9, C3, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + 14D 77F7D78C 62 Bytes [ 33, ED, 8B, 44, 24, 14, 0B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + 18C 77F7D7CB 104 Bytes [ C8, 8B, C6, F7, 64, 24, 18, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + 1FF 77F7D83E 37 Bytes [ 8D, 45, F0, 89, 45, 98, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHAutoComplete + 229 77F7D868 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + E5 77F7F05A 357 Bytes [ 43, 61, 63, 68, 65, 45, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + 24B 77F7F1C0 72 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + 294 77F7F209 446 Bytes [ 79, 73, 74, 65, 6D, 54, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + 453 77F7F3C8 41 Bytes [ 49, 6E, 69, 74, 69, 61, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlW + 47D 77F7F3F2 149 Bytes [ 90, 90, 49, 6E, 74, 65, 72, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeW 77F7F4FC 323 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeW + 144 77F7F640 132 Bytes [ 49, 6E, 74, 65, 72, 6E, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCanonicalizeW + 84 77F7F6C5 203 Bytes [ 90, 90, 90, 49, 6E, 74, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 48 77F7F791 449 Bytes [ 6E, 64, 52, 65, 71, 75, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 20B 77F7F954 17 Bytes [ 46, 74, 70, 46, 69, 6E, 64, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 21D 77F7F966 15 Bytes [ 90, 90, 46, 74, 70, 44, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 22D 77F7F976 88 Bytes [ 00, 90, 46, 74, 70, 44, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCombineW + 286 77F7F9CF 25 Bytes [ 90, 46, 69, 6E, 64, 4E, 65, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + 12 77F7FC93 41 Bytes [ 08, 50, FF, 51, 08, 39, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + 3C 77F7FCBD 122 Bytes [ F1, 89, 46, 10, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + B7 77F7FD38 59 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + F3 77F7FD74 30 Bytes [ 71, 14, FF, 75, 08, FF, 71, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatKBSizeW + 113 77F7FD94 52 Bytes [ B5, ED, F7, 77, F9, EE, F7, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 38 77F801D8 37 Bytes [ FF, 8B, D8, 66, 8B, 03, 66, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 5E 77F801FE 13 Bytes [ 00, 83, F8, 02, 0F, 85, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 6C 77F8020C 3 Bytes [ DE, 54, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 72 77F80212 26 Bytes [ 74, 07, 81, 4F, 24, 00, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHSkipJunction + 8D 77F8022D 7 Bytes [ 53, 8B, CE, E8, B9, 54, FF ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + 17 77F80A7C 20 Bytes [ E0, 53, 33, DB, 6A, 02, 43, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + 2C 77F80A91 157 Bytes CALL 7CE0508C C:\WINDOWS\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + CA 77F80B2F 30 Bytes JMP AA7D1A35
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + E9 77F80B4E 13 Bytes CALL 77F80954 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpNA + F7 77F80B5C 11 Bytes [ E0, 85, C0, 74, 05, 8B, 4D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 7 77F80C93 81 Bytes [ 7D, 10, 85, FF, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 59 77F80CE5 7 Bytes [ 75, 14, 57, E8, F9, 96, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 61 77F80CED 4 Bytes [ 83, C4, 10, 5E ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 66 77F80CF2 29 Bytes [ 4D, FC, 8B, C7, 5F, E8, 24, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyW + 84 77F80D10 48 Bytes [ 00, 8B, 44, 24, 1C, 0B, C0, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindExtensionA + 7 77F80FB5 157 Bytes [ 0C, 50, 89, 3E, 66, 89, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyW + 61 77F81054 17 Bytes [ 3D, 01, 00, 00, 80, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 64 77F810BD 21 Bytes [ 15, 38, 14, F6, 77, A3, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 7A 77F810D3 192 Bytes [ 66, A1, 78, D9, FC, 77, E9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 158 77F811B1 56 Bytes [ 45, 08, 85, C0, 74, 17, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 191 77F811EA 17 Bytes [ 6E, 00, 64, 00, 69, 00, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkW + 1A3 77F811FC 26 Bytes [ 49, 00, 44, 00, 00, 00, 33, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 16 77F8143E 24 Bytes [ 50, 8D, 85, F4, EF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 2F 77F81457 4 Bytes [ 85, C0, 75, 57 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 34 77F8145C 22 Bytes [ 85, F8, EF, FF, FF, 50, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 4C 77F81474 15 Bytes CALL 77F8158C C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSystemFolderA + 5C 77F81484 17 Bytes [ 50, 8D, 85, F4, EF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 4 77F815D3 55 Bytes [ 3D, 88, 14, F6, 77, C7, 06, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 3C 77F8160B 60 Bytes [ 55, 8B, EC, 56, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 7B 77F8164A 4 Bytes [ 10, 8B, 46, 2C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 81 77F81650 17 Bytes [ 0C, 8B, 08, FF, 75, 08, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatA + 95 77F81664 58 Bytes [ B8, D4, D0, FC, 77, E9, 31, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + B 77F81A40 67 Bytes [ 85, C0, 0F, 84, 85, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + 4F 77F81A84 5 Bytes [ 15, B0, 11, F6, 77 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + 55 77F81A8A 16 Bytes [ C0, 74, 0A, 80, 7D, EE, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + 70 77F81AA5 4 Bytes [ 4D, FC, 5F, 5E ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeW + 76 77F81AAB 1 Byte [ 35 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + 65 77F81F22 6 Bytes [ 89, BD, EC, FD, FF, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + 6C 77F81F29 2 Bytes [ 3B, F9 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + 70 77F81F2D 31 Bytes [ 3B, C6, 89, 85, E0, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + 90 77F81F4D 49 Bytes CALL 77F81F4F C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationA + C2 77F81F7F 126 Bytes CALL 77F81EC8 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 2 77F825A9 23 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 1A 77F825C1 3 Bytes [ 74, 31, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 1E 77F825C5 69 Bytes [ 66, 8B, 00, 5E, C3, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 64 77F8260B 50 Bytes [ 33, C0, 40, C3, 33, C0, E9, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetLocationW + 97 77F8263E 10 Bytes [ 83, 7D, 1C, 00, 0F, 84, 48, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + 6E 77F82ECC 56 Bytes [ 75, 08, 89, 45, FC, 57, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + A7 77F82F05 16 Bytes CALL 77F82D47 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + B8 77F82F16 53 Bytes [ F8, 09, 0F, 94, C1, 51, 57, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + EE 77F82F4C 17 Bytes [ FF, 8B, F0, 85, F6, 0F, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCmpCA + 100 77F82F5E 9 Bytes [ 90, 90, 3A, 00, 2F, 00, 2F, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + 26 77F82F9B 22 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + 3D 77F82FB2 4 Bytes [ 5E, 5D, C2, 04 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + 42 77F82FB7 159 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + E2 77F83057 4 Bytes [ EB, 65, 90, 90 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCreateFromUrlA + E9 77F8305E 34 Bytes [ 8B, FF, 55, 8B, EC, 51, 51, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + B 77F830AC 61 Bytes [ 66, 83, 3E, 08, 0F, 84, E0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + 49 77F830EA 44 Bytes CALL 77F82F97 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + 76 77F83117 93 Bytes [ FF, FF, 8B, 46, 1C, 85, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + D4 77F83175 55 Bytes CALL 77F8041C C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeW + 14C 77F831ED 5 Bytes [ 57, E8, 7C, 4C, FE ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsOpaqueW + 19 77F8322B 63 Bytes [ 6A, 02, 59, 2B, C1, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsOpaqueW + 59 77F8326B 34 Bytes [ FF, B5, 1C, FD, FF, FF, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + 1C 77F832A8 11 Bytes JMP 77F80863 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + 28 77F832B4 50 Bytes [ 55, 8B, EC, 81, EC, 98, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + 88 77F83314 4 Bytes [ 8C, ED, 23, 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + 8D 77F83319 44 Bytes [ 68, 60, 1F, F8, 77, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatBuffA + BB 77F83347 4 Bytes CALL 77F82FBB C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + 6 77F835FF 24 Bytes [ FF, 55, 8B, EC, 8D, 45, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + 20 77F83619 36 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + 45 77F8363E 43 Bytes [ 75, 08, 50, FF, 75, 0C, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + 71 77F8366A 71 Bytes [ EC, 0F, B7, 4D, 08, 8B, C1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsUNCServerA + BB 77F836B4 71 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!HashData + 82 77F838C4 310 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + 2E 77F839FB 10 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + 39 77F83A06 60 Bytes [ 75, 0C, 68, 4D, 2A, F8, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + 76 77F83A43 135 Bytes [ 25, 10, 15, F6, 77, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + FE 77F83ACB 50 Bytes [ FF, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareW + 131 77F83AFE 17 Bytes [ 41, 41, 66, 8B, 01, 66, 85, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + 2 77F84276 14 Bytes [ 51, 08, 8B, C6, 5E, 5D, C2, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + 11 77F84285 168 Bytes [ EB, F1, 90, 90, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + BC 77F84330 15 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + CC 77F84340 239 Bytes [ 84, C7, CE, 00, 00, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHGetInverseCMAP + 1BC 77F84430 35 Bytes [ 15, 38, 14, F6, 77, 33, C9, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrIA + 5B2 77F8CA80 541 Bytes [ 94, 94, 94, 94, 94, 94, B7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesW + 1AC 77F8CC9E 1 Byte [ 6A ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesW + 1AE 77F8CCA0 408 Bytes [ 8F, 8F, 8F, 8F, 8F, 8F, AB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrNCatW + E4 77F8CE39 565 Bytes [ 53, 75, 75, 75, 16, 16, 16, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 15A 77F8D06F 62 Bytes [ FD, F9, F9, F9, 41, 41, 41, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 199 77F8D0AE 71 Bytes [ CC, CC, 26, 26, 26, 47, 47, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 1E1 77F8D0F6 752 Bytes [ 47, 47, 47, 47, 6A, 6A, 6A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 4D2 77F8D3E7 399 Bytes [ C3, C3, C3, C3, 1B, F4, F4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateW + 662 77F8D577 20 Bytes [ EC, 81, EC, 38, 02, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + 5B 77FA12DF 87 Bytes [ 90, 43, 65, 72, 74, 43, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + B4 77FA1338 43 Bytes [ 40, 01, 00, 00, B1, 83, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + E0 77FA1364 25 Bytes [ E0, 83, FC, 77, 49, 01, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + FA 77FA137E 9 Bytes [ FC, 77, 50, 01, 00, 00, B1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!ColorAdjustLuma + 104 77FA1388 52 Bytes [ 51, 01, 00, 00, E0, 83, FC, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCopyKeyA + 10 77FA1604 151 Bytes [ 7C, 7E, FC, 77, CC, 08, FA, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCopyKeyA + A8 77FA169C 445 Bytes [ 7C, 7E, FC, 77, 44, 07, FA, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCopyKeyW 77FA185A 22 Bytes [ 90, 90, 43, 41, 45, 6E, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCopyKeyW + 17 77FA1871 144 Bytes [ 6D, 43, 65, 72, 74, 54, 79, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteEmptyKeyW + 1D 77FA1902 17 Bytes [ 00, 00, 7C, 7E, FC, 77, DB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteEmptyKeyW + 2F 77FA1914 7 Bytes [ 74, 7E, FC, 77, 38, 09, FA ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHDeleteEmptyKeyW + 37 77FA191C 282 Bytes [ D4, 79, FC, 77, 28, 09, FA, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryInfoKeyA + 9D 77FA1A37 92 Bytes [ 77, 34, 0B, FA, 77, E0, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHQueryInfoKeyA + FA 77FA1A94 89 Bytes [ 53, 64, 62, 52, 65, 61, 64, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteUSValueA + 57 77FA1AEE 15 Bytes [ 69, 6F, 6E, 00, 90, 90, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteUSValueA + 67 77FA1AFE 90 Bytes [ 61, 62, 61, 73, 65, 00, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteUSValueW + 19 77FA1B59 45 Bytes [ 65, 63, 6B, 53, 68, 65, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteUSValueW + 47 77FA1B87 79 Bytes [ 77, 52, 75, 6E, 53, 65, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 34 77FA1BD7 95 Bytes [ 77, E0, 10, FA, 77, E0, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegDeleteEmptyUSKeyA + 94 77FA1C37 304 Bytes [ 77, F8, 0F, FA, 77, F8, 72, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegEnumUSValueA + 31 77FA1D68 66 Bytes [ 50, 6F, 6C, 69, 63, 79, 49, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegEnumUSValueA + 74 77FA1DAB 170 Bytes [ 90, 53, 61, 66, 65, 72, 47, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegEnumUSValueW + 7F 77FA1E56 122 Bytes [ 65, 45, 78, 57, 00, 90, 52, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 5A 77FA1ED1 42 Bytes [ 65, 72, 79, 49, 6E, 66, 6F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegQueryInfoUSKeyA + 85 77FA1EFC 13 Bytes [ 52, 65, 67, 4F, 70, 65, 6E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathW + A 77FA1F0A 79 Bytes [ 90, 90, 52, 65, 67, 4F, 70, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathW + 5A 77FA1F5A 48 Bytes [ 90, 90, 52, 65, 67, 44, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathW + 8C 77FA1F8C 46 Bytes [ 52, 65, 67, 43, 72, 65, 61, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathA + 2D 77FA1FBB 48 Bytes [ 90, 4F, 70, 65, 6E, 54, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetPathA + 5E 77FA1FEC 165 Bytes [ 65, 67, 65, 56, 61, 6C, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 25 77FA2092 239 Bytes [ 72, 63, 65, 00, 90, 90, 43, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 115 77FA2182 48 Bytes [ 00, 00, 6D, 85, FC, 77, 0D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 146 77FA21B3 27 Bytes [ 00, C0, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 164 77FA21D1 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegWriteUSValueA + 17C 77FA21E9 1 Byte [ 00 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathA + 13 77FA22E7 72 Bytes [ 99, F7, F9, 50, EB, 25, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 2F 77FA2330 13 Bytes [ 75, 08, FF, 35, 60, D4, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 3D 77FA233E 37 Bytes [ 5D, C2, 0C, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 63 77FA2364 12 Bytes [ 07, 80, EB, 30, 56, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 70 77FA2371 24 Bytes [ 75, 10, 8D, 70, FF, 56, 57, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegGetPathW + 89 77FA238A 98 Bytes [ 07, EB, 09, BB, 7A, 00, 07, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + 37 77FA2756 102 Bytes [ FF, 6A, 40, FF, 15, 84, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + 9E 77FA27BD 17 Bytes [ FF, 15, 40, 10, F6, 77, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + B0 77FA27CF 5 Bytes [ 8D, 85, F8, FE, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + B6 77FA27D5 4 Bytes [ FF, B5, E8, FD ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegSetUSValueA + BB 77FA27DA 177 Bytes [ FF, FF, B5, CC, FD, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrIA + B 77FA44DA 8 Bytes [ 8D, 85, F0, FA, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrIA + 14 77FA44E3 37 Bytes [ F8, FA, FF, FF, 50, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrIA + 3A 77FA4509 61 Bytes [ 41, 18, 33, D2, F7, 71, 1C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkA + 13 77FA4547 57 Bytes [ E2, FA, FF, FF, 50, 0F, B7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrPBrkA + 4D 77FA4581 54 Bytes [ 11, F6, 77, 50, 8D, 85, F8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExA + 34 77FA45B8 6 Bytes [ FA, FF, FF, 50, 0F, B7 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExA + 3B 77FA45BF 11 Bytes [ E6, FA, FF, FF, 50, 0F, B7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToInt64ExA + 47 77FA45CB 57 Bytes [ 50, 0F, B7, 85, E0, FA, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntExA + 2 77FA4605 9 Bytes [ 50, FF, B5, F4, FA, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrToIntExA + C 77FA460F 324 Bytes [ B5, F4, FA, FF, FF, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCSpnIA + 16 77FA4754 47 Bytes [ 6C, 75, 2C, 25, 6C, 75, 09, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCSpnIA + 46 77FA4784 62 Bytes [ 5C, 73, 68, 70, 65, 72, 66, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIA + 4C 77FA47D4 27 Bytes [ 81, A5, F4, FE, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIA + 68 77FA47F0 22 Bytes [ FF, A1, AC, D3, FC, 77, 39, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRStrIA + 7F 77FA4807 96 Bytes [ CB, 23, 08, 66, F7, C1, 49, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNW + 4C 77FA4868 11 Bytes [ FF, FF, 89, 06, 8B, 45, 1C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNW + 58 77FA4874 7 Bytes [ 15, A4, 11, F6, 77, 84, DB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNW + 60 77FA487C 29 Bytes [ BD, F0, FE, FF, FF, 89, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + D 77FA489A 70 Bytes [ 51, FF, B5, F0, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + 54 77FA48E1 5 Bytes [ 57, FF, B5, F8, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + 5A 77FA48E7 4 Bytes [ FF, FF, 70, 60 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + 5F 77FA48EC 40 Bytes [ D1, A1, AC, D3, FC, 77, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IntlStrEqWorkerA + 88 77FA4915 108 Bytes [ 15, 57, FF, B5, F8, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimA + 2 77FA4982 40 Bytes [ 08, 00, 00, 00, A1, AC, D3, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimA + 2B 77FA49AB 61 Bytes [ 4D, FC, 8B, 85, EC, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimA + 69 77FA49E9 40 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrTrimA + 92 77FA4A12 83 Bytes [ 56, 56, 68, 00, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 2D 77FA4A66 15 Bytes [ FF, 55, 8B, EC, 5D, E9, 25, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 3D 77FA4A76 57 Bytes [ FF, 55, 8B, EC, 81, EC, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 77 77FA4AB0 6 Bytes [ 75, 1C, 8D, 85, FC, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 7E 77FA4AB7 4 Bytes [ FF, FF, 75, 18 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBSTR + 83 77FA4ABC 9 Bytes [ 75, 14, FF, 75, 10, 50, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufA + 15 77FA4B06 1 Byte [ 48 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufA + 17 77FA4B08 56 Bytes [ 47, 48, 0F, 85, 60, 01, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToBufA + 50 77FA4B41 111 Bytes [ 15, F4, 17, F6, 77, A3, D0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHStrDupA + 41 77FA4BB1 28 Bytes [ 83, C4, 10, 33, DB, 53, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrCatChainW + 2 77FA4BCE 105 Bytes [ FF, A1, AC, D3, FC, 77, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrChrNIW + 1D 77FA4C38 73 Bytes [ 15, 68, 14, F6, 77, 85, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRChrIW + 23 77FA4C82 120 Bytes [ 00, 90, 53, 68, 65, 6C, 6C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + E 77FA4CFB 39 Bytes [ 06, 83, 7D, 14, 08, 75, 32, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + 36 77FA4D23 62 Bytes [ 53, 53, 6A, 03, 6A, 01, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + 75 77FA4D62 69 Bytes [ 41, 20, EB, 0D, 33, D2, F7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + BB 77FA4DA8 6 Bytes [ 53, 61, 6D, 65, 25, 73 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrStrNIW + C2 77FA4DAF 42 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSize64A + 4 77FA4F73 69 Bytes [ 80, A4, 00, 00, 00, 89, 58, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeA + 4 77FA4FB9 9 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 5D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeA + E 77FA4FC3 42 Bytes [ C9, C2, 04, 00, 90, 25, 73, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeA + 39 77FA4FEE 29 Bytes [ 45, 08, 8B, 0D, AC, D3, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFormatByteSizeA + 57 77FA500C 50 Bytes [ 00, A1, 80, D2, FC, 77, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + 2F 77FA5040 8 Bytes [ 75, 07, 6A, 01, E8, 88, EE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + 38 77FA5049 80 Bytes [ 56, FF, 75, 28, 68, 02, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + 89 77FA509A 16 Bytes [ 00, 00, 6A, 27, 8D, 45, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + 9A 77FA50AB 11 Bytes [ 18, F6, 77, A1, AC, D3, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrRetToStrA + A6 77FA50B7 47 Bytes [ C0, 74, 12, 6A, 13, 57, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalA + 46 77FA5296 88 Bytes [ EB, FF, FF, 8B, F8, E8, D1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + 34 77FA52EF 174 Bytes [ 12, 56, 57, 6A, 42, 6A, 01, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + E5 77FA53A0 38 Bytes [ 8D, 85, 24, FF, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + 119 77FA53D4 1 Byte [ 6A ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + 11B 77FA53D6 32 Bytes [ 6A, 03, 6A, 03, 8D, 85, 4C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!StrFromTimeIntervalW + 13C 77FA53F7 2 Bytes [ 90, 41 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 4B 77FA60C8 3 Bytes [ 85, 7C, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 4F 77FA60CC 6 Bytes [ FF, 56, 50, E8, 8C, FC ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 56 77FA60D3 5 Bytes [ FF, 8D, 85, 7C, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 5C 77FA60D9 62 Bytes [ FF, 50, FF, 75, 0C, 57, E8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!IsCharSpaceA + 9B 77FA6118 15 Bytes [ FF, 6A, 01, 8D, 45, 14, 50, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 2 77FA7018 19 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 16 77FA702C 5 Bytes [ 00, 00, 00, C0, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 1C 77FA7032 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 30 77FA7046 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveArgsA + 34 77FA704A 136 Bytes [ 00, 00, 01, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayA + 19 77FA70D4 98 Bytes [ 0C, 8D, 45, FC, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayA + 7C 77FA7137 70 Bytes [ 8B, DE, 57, FF, 15, 88, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionA + 21 77FA717F 3 Bytes [ 8B, FF, 55 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionA + 25 77FA7183 4 Bytes [ EC, 51, 51, 53 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveExtensionA + 2A 77FA7188 321 Bytes [ 5D, 14, 56, 57, 8B, 7D, 18, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsPrefixA + 1E 77FA72CA 82 Bytes [ 15, 78, 14, F6, 77, 3B, C6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveFileSpecA + 11 77FA731D 114 Bytes [ 56, 68, 88, D3, FC, 77, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsFileSpecA + 6 77FA7390 117 Bytes [ 00, 89, 45, E4, 53, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberA + 2 77FA7406 5 Bytes [ 75, D0, FF, D6, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetDriveNumberA + 8 77FA740C 113 Bytes [ D4, FF, D6, FF, 75, B4, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 2 77FA747E 31 Bytes [ 75, B4, FF, 75, B0, FF, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 23 77FA749F 38 Bytes CALL 4EA2AAA3
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 4A 77FA74C6 7 Bytes [ F8, 89, 44, 0D, D8, FF, D6 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 53 77FA74CF 1 Byte [ F4 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSearchAndQualifyA + 55 77FA74D1 168 Bytes [ D6, 83, 45, FC, 04, 83, 7D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 2 77FA757A 34 Bytes [ FF, 66, 8C, 85, BC, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 25 77FA759D 12 Bytes [ 01, 00, 01, 00, 8B, 45, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 32 77FA75AA 19 Bytes [ 8D, 45, 04, 89, 85, EC, FD, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 46 77FA75BE 19 Bytes [ FF, 6A, 14, 59, 33, C0, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryA + 5A 77FA75D2 41 Bytes [ 09, 04, 00, C0, 8B, 45, 04, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesA + 1D 77FA76AB 22 Bytes [ 57, 8B, F0, FF, 15, 00, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesA + 34 77FA76C2 4 Bytes [ 81, E6, FF, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnquoteSpacesA + 39 77FA76C7 11 Bytes [ 00, 81, CE, 00, 00, 07, 80, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathQuoteSpacesA + 39 77FA7705 33 Bytes [ 75, 0C, FF, 75, 08, E8, B4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 7 77FA7727 24 Bytes [ D8, 85, DB, 74, 2A, 8D, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 20 77FA7740 3 Bytes [ 8B, F0, 85 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 24 77FA7744 16 Bytes [ 75, 07, 8B, 45, 14, 89, 18, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 35 77FA7755 20 Bytes [ 03, 6A, 0E, 5E, 85, F6, 7E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindNextComponentA + 4A 77FA776A 70 Bytes [ C6, 5E, 5B, C9, C2, 10, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMatchSpecA + 2 77FA789A 95 Bytes [ 75, 0C, FF, 75, 08, 57, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSkipRootA + 12 77FA78FA 77 Bytes CALL 77F82C98 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSkipRootA + 60 77FA7948 19 Bytes [ 00, 53, 6A, 40, 89, 5D, F4, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSameRootA + F 77FA795C 10 Bytes [ 39, 7D, FC, 74, 1B, 8B, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSameRootA + 1A 77FA7967 53 Bytes [ 8B, F8, 8B, C1, C1, E9, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsURLA + 8 77FA799D 50 Bytes [ 3B, 08, 75, 13, 6A, 00, 53, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 4 77FA79D0 16 Bytes [ FB, 8B, 5D, F4, 89, 45, FC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 15 77FA79E1 13 Bytes [ 20, 85, FF, 74, 51, 8D, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 23 77FA79EF 3 Bytes [ 8E, FE, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 27 77FA79F3 41 Bytes [ 39, 5D, 18, 89, 45, 20, 76, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsContentTypeA + 52 77FA7A1E 15 Bytes [ 75, 08, 39, 4D, 14, 75, 03, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + C 77FA7A58 158 Bytes [ F3, 74, 6B, 8B, 45, 0C, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + AC 77FA7AF8 160 Bytes [ 14, 53, 8B, 5D, 18, 56, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + 14D 77FA7B99 17 Bytes [ 85, B4, FE, FF, FF, 0F, 84, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + 15F 77FA7BAB 40 Bytes [ FF, 8D, 85, BC, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathGetCharTypeA + 189 77FA7BD5 1 Byte [ B0 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnmakeSystemFolderA + 1C 77FA7C57 184 Bytes [ B5, B4, FE, FF, FF, E8, 2C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 18 77FA7D10 78 Bytes CALL 77FA7775 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 67 77FA7D5F 34 Bytes [ 15, 88, 14, F6, 77, 33, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 8A 77FA7D82 252 Bytes [ 65, 49, 6E, 66, 6F, 5C, 30, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 187 77FA7E7F 6 Bytes [ 07, 80, 74, 41, 3B, FB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUndecorateA + 18E 77FA7E86 52 Bytes [ 0C, 3B, D3, 75, 05, 39, 5D, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 1 77FA805E 78 Bytes [ 35, D8, 11, F6, 77, 57, 6A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 50 77FA80AD 7 Bytes [ 5D, C2, 08, 00, 33, C0, 40 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 63 77FA80C0 1 Byte [ 83 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 65 77FA80C2 51 Bytes [ 0C, 53, 56, 33, F6, 39, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakePrettyA + 99 77FA80F6 60 Bytes [ D7, 8B, 75, F8, 3B, F0, 7C, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBlanksA + 33 77FA822B 25 Bytes [ D8, 8B, CB, 2B, 4D, 0C, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBlanksA + 4D 77FA8245 84 Bytes [ 85, C0, 74, 16, 80, 3F, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBackslashA + 45 77FA829A 14 Bytes [ 10, 00, 5F, EB, 02, 33, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRemoveBackslashA + 57 77FA82AC 9 Bytes [ 8B, FF, 55, 8B, EC, 33, C0, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootA + 9 77FA82B6 9 Bytes [ 74, 27, 39, 45, 0C, 74, 22, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootA + 13 77FA82C0 5 Bytes [ 75, 08, FF, 75, 0C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootA + 19 77FA82C6 2 Bytes [ DD, FE ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripToRootA + 1D 77FA82CA 45 Bytes [ FF, 75, 08, 8B, F0, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsNetworkPathA + 19 77FA82F8 3 Bytes [ 04, 90, FC ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsNetworkPathA + 1D 77FA82FC 33 Bytes [ 85, C0, 75, 03, 8B, 45, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathStripPathA + 7 77FA831E 76 Bytes [ C7, 8B, F7, 74, 29, 8A, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyA + 27 77FA836B 32 Bytes [ 38, 46, 01, 74, 0F, 88, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyA + 48 77FA838C 27 Bytes [ 55, 8B, EC, 8B, 45, 08, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyA + 64 77FA83A8 91 Bytes [ 15, EC, 17, F6, 77, 8A, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyA + C0 77FA8404 82 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + 4A 77FA8457 2 Bytes [ 55, 8B ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + 4D 77FA845A 34 Bytes [ 8B, 45, 08, EB, 0F, 80, 38, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + 70 77FA847D 25 Bytes [ FF, 55, 8B, EC, 56, 33, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + 8A 77FA8497 24 Bytes [ 74, 4D, 68, F0, 74, FA, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathA + A3 77FA84B0 29 Bytes [ 6A, 00, FF, 75, 08, 6A, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathA + 5D 77FA8722 13 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathA + 6B 77FA8730 2 Bytes [ 74, 28 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathA + 6E 77FA8733 1 Byte [ 5C ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathA + D2 77FA8797 91 Bytes [ 00, 00, 3C, 3F, 74, 4E, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathParseIconLocationA + 57 77FA87F3 295 Bytes [ 00, 75, 91, 80, 3F, 00, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 109 77FA891B 91 Bytes [ F0, 85, F6, 74, 21, 46, EB, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 165 77FA8977 145 Bytes [ 0C, 2B, F7, 40, 3B, F0, 7F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 1F7 77FA8A09 15 Bytes [ 51, 56, 50, 6A, 0E, 56, C7, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 214 77FA8A26 66 Bytes [ FE, FF, FF, 50, FF, 15, 68, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathMakeSystemFolderA + 257 77FA8A69 129 Bytes [ 3B, 48, 48, 74, 0E, 83, E8, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 27 77FA8FB1 16 Bytes [ 15, 6C, 14, F6, 77, 8B, D8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 38 77FA8FC2 32 Bytes [ 8D, 85, F8, FE, FF, FF, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 59 77FA8FE3 30 Bytes [ 15, EC, 11, F6, 77, EB, 02, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 78 77FA9002 12 Bytes [ 55, 8B, EC, 6A, 00, 6A, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRelativePathToA + 85 77FA900F 2 Bytes [ FF, FF ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + 43 77FA913C 63 Bytes [ FF, 50, 8D, 85, D0, FE, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + 83 77FA917C 24 Bytes [ 03, 33, FF, 47, FF, B5, F8, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + 9C 77FA9195 3 Bytes [ 87, BE, FB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + A0 77FA9199 17 Bytes [ C9, C2, 08, 00, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExA + B2 77FA91AB 50 Bytes [ 56, 57, 74, 3C, 83, 7D, 0C, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + 2 77FA9479 5 Bytes [ FF, FF, D7, 8B, 45 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + 8 77FA947F 49 Bytes [ 39, 85, E0, FE, FF, FF, 0F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + 3A 77FA94B1 167 Bytes [ B5, F0, FE, FF, FF, 8D, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + E2 77FA9559 2 Bytes [ FF, 56 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsA + E5 77FA955C 4 Bytes [ B5, F0, FE, FF ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 29 77FAFE46 17 Bytes [ B5, 80, F3, FF, FF, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 3B 77FAFE58 5 Bytes [ B5, 78, F3, FF, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 41 77FAFE5E 8 Bytes [ B5, C4, F9, FF, FF, FF, B5, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 4B 77FAFE68 17 Bytes [ FF, FF, 15, 54, 13, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringA + 5D 77FAFE7A 36 Bytes [ 73, 04, 8B, F3, 8D, BD, 30, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + B 77FAFF63 70 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + 52 77FAFFAA 4 Bytes [ B5, EC, FD, FF ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + 57 77FAFFAF 8 Bytes [ 56, FF, 15, E0, D1, FC, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + 60 77FAFFB8 2 Bytes CALL 03FAFFBA
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryStringByKeyA + 64 77FAFFBC 5 Bytes [ 8B, F0, E8, D2, A4 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 2 77FB006F 30 Bytes [ 75, 14, 56, 57, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 21 77FB008E 18 Bytes [ 8B, 45, F8, 68, EC, 03, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 3F 77FB00AC 11 Bytes [ 74, 16, 85, F6, 74, 12, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 4B 77FB00B8 21 Bytes CALL 77FAA700 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!AssocQueryKeyA + 61 77FB00CE 23 Bytes [ FF, 8B, 4D, FC, 8B, C7, 5F, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayW + 2F 77FB100C 23 Bytes [ FF, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayW + 70 77FB104D 2 Bytes [ FF, E8 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathFindSuffixArrayW + 73 77FB1050 29 Bytes [ C5, FB, FF, 8B, 85, DC, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathQuoteSpacesW + 7 77FB106E 52 Bytes [ FF, 55, 8B, EC, 81, EC, 20, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSkipRootW + 13 77FB10D5 94 Bytes [ FF, FF, 75, 0C, FF, 75, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSameRootW + 15 77FB1134 47 Bytes [ BF, 04, 01, 00, 00, 57, 8D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsSameRootW + 45 77FB1164 184 Bytes [ 00, 8B, 86, 84, 00, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnmakeSystemFolderW + 11 77FB1237 25 Bytes [ 90, 25, 00, 25, 00, 25, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnmakeSystemFolderW + 2B 77FB1251 3 Bytes [ 55, 8B, EC ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnmakeSystemFolderW + 30 77FB1256 73 Bytes [ 39, 05, 68, DA, FC, 77, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + 6 77FB12A0 1 Byte [ 45 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + 8 77FB12A2 9 Bytes [ 57, 8B, 7D, 0C, 8D, 8D, 70, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + 12 77FB12AC 92 Bytes [ 89, 85, 6C, FF, FF, FF, 89, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + F6 77FB1390 7 Bytes [ 75, 11, 6A, FF, FF, B5, 68 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsLFNFileSpecW + 108 77FB13A2 35 Bytes [ F8, 8D, 8D, 70, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathRenameExtensionW + 2E 77FB1440 192 Bytes [ 8D, 70, FF, FF, FF, E8, 08, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyW + 97 77FB1501 21 Bytes [ D3, 8D, 44, 00, 02, 50, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyW + AD 77FB1517 5 Bytes [ FF, E8, 42, 92, FB ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathIsDirectoryEmptyW + B3 77FB151D 44 Bytes [ 6A, 00, 8D, 85, F0, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + 15 77FB154A 116 Bytes [ F4, FD, FF, FF, 50, FF, B5, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + 8C 77FB15C1 22 Bytes [ 89, 85, E0, FD, FF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + A3 77FB15D8 16 Bytes [ FF, 83, 85, E4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + B4 77FB15E9 10 Bytes [ 5E, 5B, 8B, 4D, FC, 8B, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathW + D0 77FB1605 46 Bytes [ 55, 8B, EC, 8B, 45, 08, 53, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 14 77FB17FD 12 Bytes [ FB, 77, 89, 85, E4, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 21 77FB180A 9 Bytes [ FF, 68, 04, 01, 00, 00, 33, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 2B 77FB1814 1 Byte [ BD ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 33 77FB181C 9 Bytes [ FB, FF, 83, C4, 10, 8D, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathSetDlgItemPathW + 3D 77FB1826 22 Bytes [ FF, 50, 8D, 85, F0, FD, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + 34 77FB1B26 79 Bytes [ EB, 03, 33, DB, 43, 8B, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + CC 77FB1BBE 83 Bytes [ 98, FB, FF, 8B, 4D, FC, 5F, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + 120 77FB1C12 14 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + 130 77FB1C22 62 Bytes [ A1, 80, D2, FC, 77, 53, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathCompactPathExW + 16F 77FB1C61 60 Bytes [ 83, 04, 07, 80, 83, E3, 40, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + 5F 77FB1EC8 7 Bytes [ 55, 8B, EC, 81, EC, 0C, 02 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + 67 77FB1ED0 59 Bytes [ 00, A1, 80, D2, FC, 77, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + A3 77FB1F0C 11 Bytes [ 8B, F8, 85, FF, 74, 3A, 85, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + AF 77FB1F18 26 Bytes [ 15, 70, 14, F6, 77, 8D, 44, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!PathUnExpandEnvStringsW + CA 77FB1F33 13 Bytes [ 0D, 68, 24, 62, F9, 77, 6A, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + 3B 77FB6158 64 Bytes [ 85, C0, 74, 4D, 83, 7D, 10, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + 7C 77FB6199 11 Bytes [ 75, 14, FF, 75, 10, FF, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + 88 77FB61A5 30 Bytes [ 50, 14, 8B, D8, 5F, 8B, C3, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + A7 77FB61C4 21 Bytes [ 39, 7D, 14, 75, 0A, B8, 57, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHRegisterValidateTemplate + BD 77FB61DA 12 Bytes [ 08, F6, 86, 18, 02, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 40 77FB6EA8 10 Bytes [ 15, 70, 13, F6, 77, 8B, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 4B 77FB6EB3 2 Bytes [ 69, E1 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 4F 77FB6EB7 1 Byte [ C9 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 51 77FB6EB9 1 Byte [ 08 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHReleaseThreadRef + 54 77FB6EBC 75 Bytes [ 41, 64, 64, 49, 6E, 74, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + 3F 77FB6F08 4 Bytes [ 56, 68, 02, 00 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + 60 77FB6F29 1 Byte [ 56 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + 7C 77FB6F45 7 Bytes [ FF, 55, 8B, EC, 56, 6A, 04 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + 84 77FB6F4D 36 Bytes [ 75, 0C, BE, F8, 62, F9, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHIsLowMemoryMachine + A9 77FB6F72 1 Byte [ 56 ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + 41 77FBDE36 1 Byte [ 10 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + 43 77FBDE38 2 Bytes [ 4B, 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + 46 77FBDE3B 74 Bytes [ 00, 57, FF, 15, C4, 17, F6, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + D3 77FBDEC8 37 Bytes [ FF, 75, 14, FF, 75, 10, 50, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!GetAcceptLanguagesA + FA 77FBDEEF 107 Bytes [ 10, FF, 35, 80, DC, FC, 77, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 24 77FBED91 1 Byte [ 01 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 26 77FBED93 12 Bytes CALL 77FADA37 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 33 77FBEDA0 9 Bytes [ 15, 88, 14, F6, 77, EB, 03, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 3D 77FBEDAA 12 Bytes [ 8B, 4D, FC, 5F, 8B, C6, 5E, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCompareA + 4A 77FBEDB7 133 Bytes [ C9, C3, 90, 90, 90, 70, 73, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashA 77FBEE82 54 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashA + 3A 77FBEEBC 77 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + 4D 77FBEF0A 71 Bytes [ 5D, C2, 0C, 00, 90, 90, 4D, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + 95 77FBEF52 43 Bytes [ FF, 55, 8B, EC, 81, EC, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + C1 77FBEF7E 214 Bytes [ 45, 08, 50, 57, 57, FF, 15, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + 198 77FBF055 99 Bytes [ FF, 89, 45, FC, 8B, 45, 0C, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlHashW + 1FC 77FBF0B9 58 Bytes [ 8D, 8D, F8, FE, FF, FF, 89, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 1 77FBF73E 7 Bytes [ 00, 25, 00, FF, 00, 00, 09 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 9 77FBF746 29 Bytes [ 83, 7B, 14, 00, 74, 0A, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 27 77FBF764 36 Bytes [ 55, 8B, EC, 8B, 45, 08, 8B, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 4C 77FBF789 40 Bytes [ 85, C0, 74, 12, 6A, 0A, 59, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlEscapeA + 75 77FBF7B2 35 Bytes [ 41, 24, 85, C0, 75, 13, 39, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + 2D 77FBF857 1 Byte [ 02 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + 2F 77FBF859 76 Bytes [ 00, 23, C3, 50, FF, 76, 14, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + 7C 77FBF8A6 8 Bytes [ 76, 14, FF, 76, 10, E8, 46, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + 87 77FBF8B1 34 Bytes [ 75, F8, 89, 45, 08, 8D, 45, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlGetPartA + AA 77FBF8D4 24 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeA + 13 77FBF943 100 Bytes [ FF, 55, 8B, EC, 51, 83, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeA + 78 77FBF9A8 16 Bytes [ F4, C7, 45, FC, 05, 40, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlUnescapeA + 89 77FBF9B9 34 Bytes [ 55, 8B, EC, 8B, 45, 08, 66, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + 1A 77FBF9DC 68 Bytes [ EC, 81, EC, 34, 04, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + 5F 77FBFA21 39 Bytes [ 50, 01, 00, 00, 56, BE, 04, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + 87 77FBFA49 35 Bytes [ 50, 8D, 85, F4, FD, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + AB 77FBFA6D 33 Bytes [ FF, 89, BD, D8, FB, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlCreateFromPathA + CD 77FBFA8F 69 Bytes [ 50, 6A, FF, 8D, 85, F8, FE, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 27 77FBFAD6 17 Bytes [ FF, 50, 8D, 85, F4, FD, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 39 77FBFAE8 3 Bytes CALL C8FBFAE8
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 3E 77FBFAED 8 Bytes [ 50, 8D, 85, F8, FE, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 47 77FBFAF6 11 Bytes [ B5, D8, FB, FF, FF, 89, B5, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeA + 53 77FBFB02 11 Bytes [ B5, DC, FB, FF, FF, 89, B5, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW 77FBFB8A 56 Bytes [ 90, 90, 53, 6F, 66, 74, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW + 39 77FBFBC3 81 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW + B4 77FBFC3E 1 Byte [ 53 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW + F9 77FBFC83 38 Bytes [ 00, 5C, 00, 57, 00, 69, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlApplySchemeW + 120 77FBFCAA 48 Bytes [ 73, 00, 69, 00, 6F, 00, 6E, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 1C 77FC0002 36 Bytes [ C7, 5F, 5E, C3, 90, 90, 90, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 41 77FC0027 1 Byte [ 6A ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 43 77FC0029 1 Byte [ 6A ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 45 77FC002B 6 Bytes [ 6A, 2F, 53, FF, 76, 04 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!UrlIsNoHistoryA + 4C 77FC0032 113 Bytes CALL 77F83B77 C:\WINDOWS\system32\SHLWAPI.dll (Shell Light-weight Utility Library/Microsoft Corporation)
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + 1D 77FC024E 72 Bytes [ 4C, 4D, BC, 66, 85, C9, 74, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + 66 77FC0297 12 Bytes [ A8, EF, FF, FF, 01, 00, 00, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + 73 77FC02A4 75 Bytes [ FF, 8B, 8D, A0, EF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + BF 77FC02F0 18 Bytes [ FF, 83, BD, A4, EF, FF, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamOnFileA + D2 77FC0303 16 Bytes [ FF, B5, AC, EF, FF, FF, FF, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW 77FC23BE 128 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW + 81 77FC243F 23 Bytes CALL BDC32DB9
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW + 99 77FC2457 100 Bytes [ 56, FF, 15, 8C, 13, F6, 77, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW + FE 77FC24BC 11 Bytes [ 68, D2, 12, FC, 77, 89, 75, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHOpenRegStreamW + 10A 77FC24C8 63 Bytes [ 15, E4, 13, F6, 77, 85, C0, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 47 77FC5B30 20 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 5C 77FC5B45 20 Bytes [ FF, 75, 10, 89, 45, E8, FF, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 10F 77FC5BF8 51 Bytes [ 55, 8B, EC, 8B, 45, 08, 6A, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 143 77FC5C2C 146 Bytes [ 55, 8B, EC, 53, 56, 8B, F1, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DllGetVersion + 1D6 77FC5CBF 100 Bytes [ 8B, 46, 24, 2B, C7, C1, E0, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + 20 77FC6BB5 82 Bytes [ 55, 8B, EC, 8B, 45, 08, 56, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + 74 77FC6C09 6 Bytes [ 5E, 0F, 95, C1, 8B, C1 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + 7C 77FC6C11 1 Byte [ 08 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + 83 77FC6C18 58 Bytes [ 8B, FF, 55, 8B, EC, 51, 83, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!DelayLoadFailureHook + BE 77FC6C53 94 Bytes [ 55, 8B, EC, 56, 33, F6, 39, ... ]
.text ...
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + B 77FC7B36 3 Bytes [ 6F, 00, 66 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + F 77FC7B3A 29 Bytes [ 74, 00, 5C, 00, 57, 00, 69, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + 2D 77FC7B58 19 Bytes [ 6E, 00, 74, 00, 56, 00, 65, ... ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + 41 77FC7B6C 3 Bytes [ 45, 00, 78 ]
.text C:\WINDOWS\system32\lsass.exe[796] SHLWAPI.dll!SHCreateStreamWrapper + 45 77FC7B70 15 Bytes [ 70, 00, 6C, 00, 6F, 00, 72, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F110F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF502D 77FE1185 1 Byte [ 08 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF5030 77FE1188 5 Bytes [ 7C, D1, 00, 00, 38 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF5038 77FE1190 2 Bytes [ 00, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF503C 77FE1194 1 Byte [ 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + FFFF5040 77FE1198 1 Byte [ 00 ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 29 77FE1C99 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 33 77FE1CA3 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 46 77FE1CB6 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 53 77FE1CC3 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExW + 59 77FE1CC9 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 11 77FE1DDB 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 32 77FE1DFC 33 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 55 77FE1E1F 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 7C 77FE1E46 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetUserNameExA + 93 77FE1E5D 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + 8A 77FE1F79 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + 9D 77FE1F8C 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + BB 77FE1FAA 52 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + F0 77FE1FDF 87 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredMarshalTargetInfo + 148 77FE2037 235 Bytes [ 00, 10, FE, 90, 7C, FD, 49, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaFreeReturnBuffer + 1C 77FE217C 6 Bytes [ 70, D3, 90, 7C, 00, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaFreeReturnBuffer + 23 77FE2183 15 Bytes [ 00, 00, 00, 00, 00, F1, 5B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + B 77FE2193 47 Bytes [ 00, 01, 00, 00, 00, 4C, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + 3B 77FE21C3 8 Bytes [ 00, B6, A2, 00, 00, EC, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + 44 77FE21CC 110 Bytes [ AD, 8B, 00, 00, 60, A3, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + B3 77FE223B 4 Bytes [ 00, 93, 4E, 00 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaCallAuthenticationPackage + B8 77FE2240 82 Bytes [ 85, 7C, 00, 00, 1F, A2, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeContextBuffer + 17 77FE2895 312 Bytes [ 4D, 61, 6B, 65, 53, 69, 67, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeContextBuffer + 150 77FE29CE 52 Bytes [ 53, 61, 73, 6C, 47, 65, 74, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeContextBuffer + 185 77FE2A03 383 Bytes [ 69, 66, 79, 50, 61, 63, 6B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesW + 16D 77FE2B83 8 Bytes [ 00, 8B, 75, 10, 8B, 7D, 08, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesW + 176 77FE2B8C 160 Bytes [ 75, 0C, FF, 77, 0C, FF, 15, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeCredentialsHandle + 9C 77FE2C2D 23 Bytes [ FF, FF, 89, 45, F8, 8D, 45, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeCredentialsHandle + B5 77FE2C46 139 Bytes [ 59, 5F, 5E, 5B, C9, 51, C3, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeCredentialsHandle + 142 77FE2CD3 1 Byte [ 0C ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!FreeCredentialsHandle + 14E 77FE2CDF 59 Bytes [ 81, EC, 04, 01, 00, 00, 56, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + E 77FE2D1B 7 Bytes [ FF, 8B, 47, 04, 89, 85, 2C ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + 17 77FE2D24 2 Bytes [ FF, 8D ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + 1A 77FE2D27 23 Bytes [ FC, FE, FF, FF, 50, 50, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + 32 77FE2D3F 15 Bytes [ FF, 34, 00, 89, B5, 00, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityContext + 42 77FE2D4F 19 Bytes [ 85, 14, FF, FF, FF, 1F, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + 53 77FE3156 106 Bytes [ 00, 5D, C2, 0C, 00, 90, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + BE 77FE31C1 6 Bytes [ 00, 00, 66, C7, 85, 58 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + C5 77FE31C8 8 Bytes [ FF, FF, 20, 00, 66, C7, 85, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + CE 77FE31D1 29 Bytes [ FF, FF, A8, 00, 75, 43, 8D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleW + EC 77FE31EF 186 Bytes [ 8B, 55, 88, 89, 11, 8B, 4D, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!MakeSignature + 6A 77FE3341 103 Bytes [ 15, 2C, 11, FE, 77, 5F, 5E, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!VerifySignature + 1E 77FE33A9 27 Bytes [ 55, 8B, EC, 83, 25, 44, E0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!VerifySignature + 3A 77FE33C5 117 Bytes [ D6, A3, 90, E0, FE, 77, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLogonUser + 63 77FE343B 64 Bytes [ 15, 18, 11, FE, 77, B8, 4C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLogonUser + A5 77FE347D 2 Bytes [ 43, 4D ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLogonUser + A9 77FE3481 260 Bytes [ 33, C0, A3, 18, E1, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + BE 77FE3586 58 Bytes [ 00, 00, 83, 7D, FC, 00, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + F9 77FE35C1 58 Bytes [ 53, 56, 68, B0, E0, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + 134 77FE35FC 53 Bytes [ 77, 3B, C3, A3, 44, E0, FE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + 16A 77FE3632 78 Bytes [ 15, 3C, 11, FE, 77, 8B, C6, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryCredentialsAttributesW + 1B9 77FE3681 46 Bytes [ FF, FF, 8C, 00, 00, 00, F3, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + 92 77FE38FE 33 Bytes [ 00, A1, E4, E0, FE, 77, 89, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + B4 77FE3920 23 Bytes [ EC, 8B, 45, 08, 8B, C8, 81, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + CC 77FE3938 38 Bytes [ C0, 3B, C1, 0F, 8E, B7, 45, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + F3 77FE395F 13 Bytes [ C0, 74, 19, 3D, 08, 04, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityPackageInfoW + 101 77FE396D 37 Bytes [ 85, C0, 0F, 85, 26, 47, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + 28 77FE4AE5 57 Bytes [ 90, 8B, FF, 55, 8B, EC, 83, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + 62 77FE4B1F 43 Bytes [ C0, 0F, 85, 4D, 36, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + 8E 77FE4B4B 15 Bytes [ D6, 83, F8, 02, 0F, 84, F0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + 9E 77FE4B5B 22 Bytes [ E6, 26, 00, 00, 3B, C3, 0F, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterPolicyChangeNotification + B6 77FE4B73 4 Bytes [ 03, C0, 50, 53 ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + 2 77FE4B9C 72 Bytes [ 75, FC, FF, D6, FF, 75, FC, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + 4B 77FE4BE5 16 Bytes [ 45, F4, EB, E6, 90, 90, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + 5C 77FE4BF6 53 Bytes [ 65, 00, 63, 00, 75, 00, 72, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + 92 77FE4C2C 21 Bytes [ 72, 00, 65, 00, 6E, 00, 74, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaLookupAuthenticationPackage + A8 77FE4C42 35 Bytes [ 53, 00, 65, 00, 74, 00, 5C, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + 9 77FE4D18 1 Byte [ 43 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + B 77FE4D1A 39 Bytes [ 61, 00, 70, 00, 61, 00, 62, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + 33 77FE4D42 18 Bytes [ 00, 00, 4E, 00, 61, 00, 6D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + 46 77FE4D55 11 Bytes [ 55, 8B, EC, 56, 8B, 75, 0C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaRegisterLogonProcess + 52 77FE4D61 34 Bytes [ 50, 6A, 00, FF, 15, BC, 10, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + 49 77FE4EDC 18 Bytes [ 5F, 5E, C9, C3, 90, 90, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + 5C 77FE4EEF 47 Bytes [ 39, 45, 08, 0F, 82, F9, 3B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + 8C 77FE4F1F 16 Bytes [ 15, B8, 10, FE, 77, E9, 79, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + 9D 77FE4F30 21 Bytes [ 55, 8B, EC, 81, EC, 34, 02, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaConnectUntrusted + B3 77FE4F46 3 Bytes [ 85, E4, FD ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcceptSecurityContext + 36 77FE5387 160 Bytes [ 8D, 45, F8, 50, 53, 68, DC, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcceptSecurityContext + D7 77FE5428 143 Bytes [ 11, FE, 77, A1, 00, 11, FE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryContextAttributesW + 7A 77FE54B9 29 Bytes [ EB, D9, 33, C0, EB, EE, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryContextAttributesW + 98 77FE54D7 61 Bytes [ 77, 8B, 0D, 50, E0, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QueryContextAttributesW + D7 77FE5516 80 Bytes [ 57, FF, 15, 10, 11, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + 4 77FE5567 5 Bytes [ 34, B0, EB, E7, 8B ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + A 77FE556D 45 Bytes [ 84, 89, 45, F4, 8B, 45, 88, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + 38 77FE559B 66 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + 7B 77FE55DE 1 Byte [ 56 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!RevertSecurityContext + 7D 77FE55E0 43 Bytes [ 35, BC, 10, FE, 77, FF, D6, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + B 77FE5BDE 8 Bytes [ FF, FF, 00, 83, A5, 5C, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + 14 77FE5BE7 11 Bytes [ 00, 83, C4, 0C, 85, C0, 66, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + 20 77FE5BF3 8 Bytes [ FF, 90, 00, 66, C7, 85, 5A, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + 29 77FE5BFC 47 Bytes [ FF, A8, 00, 75, 2B, 8D, 85, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextW + 59 77FE5C2C 55 Bytes [ 8D, 8D, 58, FF, FF, FF, 51, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 2 77FE5F56 23 Bytes [ FF, FF, 50, C7, 85, 5C, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 1A 77FE5F6E 5 Bytes [ FF, FF, C7, 85, 64 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 21 77FE5F75 41 Bytes [ FF, 8C, 00, 00, 00, FF, D6, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 4B 77FE5F9F 47 Bytes [ FF, FF, FF, 15, 78, 11, FE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecCacheSspiPackages + 7B 77FE5FCF 41 Bytes [ 8B, 1D, 1C, 11, FE, 77, BF, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + 6A 77FE6AA6 8 Bytes [ 85, 4C, FF, FF, FF, 8B, 7B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + 73 77FE6AAF 29 Bytes [ 75, FC, 8D, 0C, 40, C1, E1, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + 91 77FE6ACD 30 Bytes [ 85, 54, FF, FF, FF, 8B, 4D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + B0 77FE6AEC 100 Bytes [ 8D, 44, FF, FF, FF, 89, 48, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitSecurityInterfaceA + 115 77FE6B51 133 Bytes [ 42, 83, C0, 0C, 3B, 95, 30, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 2 77FE7C87 6 Bytes [ 83, A5, 38, FF, FF, FF ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 9 77FE7C8E 10 Bytes [ 83, A5, 34, FF, FF, FF, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 15 77FE7C9A 2 Bytes [ 66, C7 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 18 77FE7C9D 40 Bytes [ 1C, FF, FF, FF, 00, 01, E9, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaDeregisterLogonProcess + 41 77FE7CC6 17 Bytes [ FF, A1, 14, E4, FE, 77, E9, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + 2 77FE8556 64 Bytes [ 89, 85, D8, FD, FF, FF, 51, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + 43 77FE8597 97 Bytes [ 4D, F8, 89, 45, F8, 56, 89, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + A5 77FE85F9 124 Bytes [ 84, 65, C2, FF, FF, 8B, 46, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + 122 77FE8676 107 Bytes [ C3, F7, D8, 1B, C0, 5E, 23, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CredUnmarshalTargetInfo + 18E 77FE86E2 86 Bytes [ C4, 33, C0, 8B, F9, AB, AB, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetSecurityUserInfo + A 77FE8AF1 97 Bytes [ B8, 0D, 00, 00, C0, E9, 16, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecGetLocaleSpecificEncryptionRules + 5C 77FE8B53 84 Bytes [ F8, FF, 15, 4C, 10, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecGetLocaleSpecificEncryptionRules + B1 77FE8BA8 33 Bytes [ 5C, 00, 4D, 00, 69, 00, 63, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageW + 1D 77FE8BCA 53 Bytes [ 67, 00, 72, 00, 61, 00, 70, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 14 77FE8C00 7 Bytes [ 00, 00, 90, 90, 72, 00, 70 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 1C 77FE8C08 1 Byte [ 63 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 1E 77FE8C0A 42 Bytes [ 72, 00, 74, 00, 34, 00, 2E, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 49 77FE8C35 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddSecurityPackageA + 53 77FE8C3F 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + 8 77FE8C4C 107 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + 74 77FE8CB8 106 Bytes [ FF, A8, 00, 75, 13, 8D, 85, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + DF 77FE8D23 36 Bytes [ 00, 57, 33, C0, 6A, 2C, 59, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + 104 77FE8D48 56 Bytes [ 8B, 45, 10, 3B, C3, 66, C7, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DeleteSecurityPackageA + 13E 77FE8D82 10 Bytes [ 8B, 48, 04, 89, 8D, 2C, FF, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecInitUserModeContext + 7 77FE9F8E 80 Bytes [ 4D, 0C, 8B, 36, 8D, 44, 01, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + B 77FE9FDF 16 Bytes [ 7F, 66, 83, 65, F4, 00, 6A, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + 1D 77FE9FF1 2 Bytes [ 08, 11 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + 21 77FE9FF5 111 Bytes [ 0F, B7, 45, F4, 8B, 36, 83, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + 91 77FEA065 21 Bytes [ 00, 8D, 4C, 11, 02, 3B, C6, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecDeleteUserModeContext + A7 77FEA07B 48 Bytes [ D0, 85, D2, 89, 55, FC, 75, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 2 77FEA240 29 Bytes [ 8B, C7, 5F, C9, C2, 04, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 20 77FEA25E 5 Bytes [ FA, 0F, B7, C0, 50 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 26 77FEA264 2 Bytes [ E3, A6 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 2C 77FEA26A 32 Bytes [ 89, 45, FC, 74, 23, 66, 83, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!LsaGetLogonSessionData + 53 77FEA291 14 Bytes [ FF, 33, C0, 5E, C9, C2, 04, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddCredentialsW + 19 77FEA2CF 85 Bytes [ C0, 74, 24, 80, 38, 00, 74, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddCredentialsA + 1A 77FEA325 51 Bytes [ 75, 20, FF, 75, 1C, FF, 75, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AddCredentialsA + 4E 77FEA359 42 Bytes [ D6, 85, FF, 7C, 0E, 8B, 4D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ApplyControlToken + 24 77FEA384 33 Bytes [ 7D, 0E, 57, FF, 15, F0, 10, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesA 77FEA3A7 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesA + 4 77FEA3AB 12 Bytes [ FF, 55, 8B, EC, 83, EC, 18, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!EnumerateSecurityPackagesA + 11 77FEA3B8 89 Bytes [ 0A, BE, 0D, 00, 00, D0, E9, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CompleteAuthToken + 1E 77FEA412 5 Bytes [ 75, 20, 89, 4D, F0 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CompleteAuthToken + 24 77FEA418 5 Bytes [ 75, 1C, FF, 75, 18 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!CompleteAuthToken + 2B 77FEA41F 9 Bytes [ 14, 50, 8D, 45, F8, 50, 8D, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!QuerySecurityContextToken + 2 77FEA43D 172 Bytes [ 35, 90, E0, FE, 77, FF, 15, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SetContextAttributesW + E 77FEA4EB 35 Bytes [ 20, C7, 45, 10, 10, 00, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SetContextAttributesW + 32 77FEA50F 49 Bytes [ 8B, 35, 4C, 11, FE, 77, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SetContextAttributesA + 2 77FEA541 9 Bytes [ 7D, 0E, 57, FF, 15, F0, 10, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SetContextAttributesA + D 77FEA54C 261 Bytes [ 15, 38, 10, FE, 77, 68, 04, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DecryptMessage + 8 77FEA652 39 Bytes [ FF, 35, 90, E0, FE, 77, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DecryptMessage + 30 77FEA67A 12 Bytes [ FF, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!DecryptMessage + 3D 77FEA687 74 Bytes [ 55, 8B, EC, 56, 8B, 75, 0C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ExportSecurityContext + 3A 77FEA6D3 1 Byte [ 08 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ExportSecurityContext + 3C 77FEA6D5 1 Byte [ 45 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ExportSecurityContext + 3E 77FEA6D7 32 Bytes [ 50, FF, 15, 64, 11, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 2 77FEA6F8 26 Bytes [ F6, 05, 43, E0, FE, 77, 20, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 1E 77FEA714 6 Bytes [ 15, F0, 10, FE, 77, 50 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 25 77FEA71B 42 Bytes [ 15, 38, 10, FE, 77, 68, 04, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 50 77FEA746 30 Bytes [ 85, C0, 75, 07, BE, 01, 03, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextW + 6F 77FEA765 43 Bytes [ FF, D0, 8B, F0, EB, 05, BE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 20 77FEA791 28 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 3D 77FEA7AE 13 Bytes [ 3B, C7, 75, 07, BE, 01, 03, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 4B 77FEA7BC 10 Bytes [ E3, FE, 77, 74, 12, 68, 5B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 56 77FEA7C7 6 Bytes [ 15, 38, 10, FE, 77, B8 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!ImportSecurityContextA + 5D 77FEA7CE 11 Bytes [ 03, 09, 80, EB, 63, 8B, 40, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!AcquireCredentialsHandleA + 1B 77FEA807 46 Bytes [ FC, 6A, FF, FF, 15, EC, 10, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 1A 77FEA836 21 Bytes [ 5F, 5E, C9, C2, 08, 00, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 30 77FEA84C 22 Bytes [ 39, 3D, 58, E3, FE, 77, 89, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 48 77FEA864 78 Bytes [ 00, FF, 15, 38, 10, FE, 77, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 97 77FEA8B3 136 Bytes [ 45, DC, 8B, 46, 04, 89, 45, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!InitializeSecurityContextA + 121 77FEA93D 23 Bytes [ F0, 8B, 40, 64, 3B, C7, 74, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslEnumerateProfilesA 77FEADF8 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslEnumerateProfilesA + 4 77FEADFC 40 Bytes [ FF, 55, 8B, EC, 83, 3D, 58, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageA + D 77FEAE25 32 Bytes [ FF, 85, C0, 75, 07, BE, 01, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + 2 77FEAE46 25 Bytes [ EB, 42, 8B, 40, 64, 85, C0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + 1C 77FEAE60 126 Bytes [ 76, 04, FF, D0, 8B, F0, EB, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + 9B 77FEAEDF 16 Bytes [ EB, 42, 8B, 40, 64, 85, C0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + AC 77FEAEF0 5 Bytes [ 75, 14, FF, 75, 10 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslGetProfilePackageW + B3 77FEAEF7 20 Bytes [ 0C, FF, 76, 04, FF, D0, 8B, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 32 77FEB1A0 17 Bytes [ 43, 64, 85, C0, 74, 23, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 44 77FEB1B2 147 Bytes [ 04, 51, FF, 75, 10, FF, 75, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 102 77FEB270 8 Bytes [ 55, FC, 89, 11, C9, C2, 08, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 10D 77FEB27B 21 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslIdentifyPackageW + 123 77FEB291 227 Bytes [ 75, 24, FF, 75, 20, FF, 75, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextW + 8E 77FEB375 23 Bytes [ FF, 8B, F0, 85, F6, 74, 1C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextW + A6 77FEB38D 83 Bytes [ 46, 60, 8D, 4D, F8, 51, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextW + FA 77FEB3E1 14 Bytes [ FF, FF, 75, 0C, 50, E8, 0C, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA 77FEB3F0 21 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA + 16 77FEB406 2 Bytes [ 7D, 85 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA + 1E 77FEB40E 16 Bytes [ 74, 1C, 56, FF, 35, 8C, E0, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA + 2F 77FEB41F 28 Bytes [ 0C, 8B, 46, 60, 8D, 4D, F8, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslInitializeSecurityContextA + 4C 77FEB43C 108 Bytes [ FF, 55, 8B, EC, 51, 51, 56, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + 1 77FEB4FA 90 Bytes [ 46, 5C, 83, 38, 02, 72, 28, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + 5C 77FEB555 114 Bytes [ 8B, F0, 85, F6, 74, 37, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + CF 77FEB5C8 229 Bytes [ 35, 8C, E0, FE, 77, FF, 15, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + 1B5 77FEB6AE 101 Bytes [ FF, 8B, F0, 85, F6, 74, 32, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SaslAcceptSecurityContext + 21C 77FEB715 1 Byte [ 08 ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 2B 77FEB7B3 14 Bytes [ FF, 15, 7C, 10, FE, 77, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 3A 77FEB7C2 4 Bytes [ 10, FF, 75, 0C ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 3F 77FEB7C7 44 Bytes [ 75, 08, FF, 50, 54, EB, 05, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 6C 77FEB7F4 27 Bytes [ 75, 28, FF, 75, 24, FF, 75, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpFreeMemory + 88 77FEB810 13 Bytes [ 89, FF, FF, 5D, C2, 24, 00, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 17 77FEBB25 5 Bytes [ 8B, 85, 68, FF, FF ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 1D 77FEBB2B 8 Bytes [ 39, 06, 73, 16, C7, 85, 78, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 27 77FEBB35 19 Bytes [ 00, 03, 09, 80, EB, 0A, C7, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 3B 77FEBB49 18 Bytes [ FF, FF, 00, 0F, 8C, 87, 00, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateNameEx + 4E 77FEBB5C 21 Bytes [ FF, FF, 8B, BD, 74, FF, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + D 77FEBB72 46 Bytes [ FF, 83, E1, 03, F3, A4, 03, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + 3C 77FEBBA1 11 Bytes [ 8D, 5C, FF, FF, FF, 8B, B5, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + 48 77FEBBAD 90 Bytes [ 3C, 02, 8B, C1, C1, E9, 02, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + A3 77FEBC08 21 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!SecpTranslateName + B9 77FEBC1E 29 Bytes [ C6, 45, FC, 01, 74, 04, C6, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + 26 77FEBEFA 11 Bytes [ 15, BC, 10, FE, 77, 8B, D8, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + 32 77FEBF06 5 Bytes [ 75, FC, E8, 53, 72 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + 39 77FEBF0D 82 Bytes [ BE, 00, 03, 09, 80, EB, 76, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + 8C 77FEBF60 2 Bytes [ 1B, 57 ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameW + F9 77FEBFCD 10 Bytes [ 32, 8A, 1E, 46, 89, 32, FF, ... ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameA + 45 77FEC0EB 79 Bytes [ 0F, 3B, C1, 7C, 13, 85, C9, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameA + 95 77FEC13B 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!GetComputerObjectNameA + 9C 77FEC142 84 Bytes [ 55, 8B, EC, 51, 83, 65, FC, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 3F 77FEC197 239 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 12F 77FEC287 85 Bytes [ 57, 74, 1D, BF, CC, E0, FE, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 185 77FEC2DD 70 Bytes [ FF, 5D, C2, 04, 00, 90, 90, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 1CC 77FEC324 22 Bytes [ C0, 7C, 1B, 8B, 4E, 20, 8B, ... ]
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] Secur32.dll!TranslateNameA + 203 77FEC35B 5 Bytes [ 75, 24, FF, 75, 20 ]
.text ...
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[868] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalWSecure + FFF80F2D 7C801625 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + C 7C801635 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + 14 7C80163D 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + 19 7C801642 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + 1B 7C801644 40 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DeviceIoControl + 46 7C80166F 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTime + B 7C80177A 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTime + 14 7C801783 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTime + 1D 7C80178C 87 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTime + 75 7C8017E4 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAsFileTime + 8 7C8017F1 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAsFileTime + E 7C8017F7 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAsFileTime + 14 7C8017FD 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemTimeAsFileTime + 24 7C80180D 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + C 7C80181E 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + 1D 7C80182F 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + 2C 7C80183E 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + 35 7C801847 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadFile + 40 7C801852 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileA + D 7C801A35 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileA + 2B 7C801A53 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileA + 2F 7C801A57 56 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtectEx + 2F 7C801A90 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtectEx + 34 7C801A95 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtectEx + 48 7C801AA9 32 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtectEx + 6A 7C801ACB 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualProtect + 1C 7C801AF0 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + C 7C801B01 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + 26 7C801B1B 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + 2F 7C801B24 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + 49 7C801B3E 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExW + 66 7C801B5B 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExA + D 7C801D60 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryExA + 23 7C801D76 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 9 7C801D84 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 23 7C801D9E 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 25 7C801DA0 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 33 7C801DAE 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryA + 39 7C801DB4 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateProcess + 9 7C801E23 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateProcess + 12 7C801E2C 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateProcess + 2F 7C801E49 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateProcess + 35 7C801E4F 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + B 7C801E5F 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + 16 7C801E6A 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + 1A 7C801E6E 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + 20 7C801E74 79 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoW + 72 7C801EC6 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + C 7C801EFE 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + 12 7C801F04 26 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + 2F 7C801F21 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + 38 7C801F2A 192 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStartupInfoA + FA 7C801FEC 79 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadProcessMemory + D 7C8021DD 49 Bytes JMP 06EE7C91
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReadProcessMemory + 3F 7C80220F 3 Bytes [ 7C, 30, D6 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteProcessMemory 7C802213 20 Bytes [ 7C, 50, D5, 90, 7C, A0, D0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteProcessMemory + 15 7C802228 535 Bytes [ 50, D7, 90, 7C, 5A, 13, 91, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SleepEx + A0 7C802440 2 Bytes [ 20, DB ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SleepEx + A3 7C802443 27 Bytes [ 7C, 70, CF, 90, 7C, 2D, 06, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 19 7C80245F 12 Bytes [ 7C, C0, D7, 90, 7C, 10, D9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 26 7C80246C 2 Bytes [ 60, D5 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 29 7C80246F 3 Bytes [ 7C, 80, D7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 2D 7C802473 3 Bytes [ 7C, 60, DE ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!Sleep + 31 7C802477 59 Bytes [ 7C, 71, 46, 91, 7C, A8, B0, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReleaseMutex 7C8024B7 115 Bytes [ 7C, C0, D5, 90, 7C, 00, DA, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReleaseMutex + 74 7C80252B 3 Bytes [ 7C, A0, DF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ReleaseMutex + 78 7C80252F 34 Bytes [ 7C, 03, 32, 93, 7C, AA, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + 2 7C802552 143 Bytes [ 93, 7C, 79, E6, 95, 7C, AA, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + 92 7C8025E2 36 Bytes JMP 78FCB5FD
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + B7 7C802607 12 Bytes [ 7C, 49, 48, 92, 7C, 4A, 68, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + C4 7C802614 2 Bytes [ 30, D7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForSingleObjectEx + C7 7C802617 29 Bytes [ 7C, 78, FB, 96, 7C, A5, AB, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetTickCount + 3C 7C80936A 73 Bytes [ 53, 65, 74, 45, 6E, 64, 4F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetTickCount + 86 7C8093B4 3 Bytes [ 53, 65, 74 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetTickCount + 8A 7C8093B8 4 Bytes [ 76, 65, 6E, 74 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetTickCount + 8F 7C8093BD 140 Bytes [ 53, 65, 74, 46, 69, 6C, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileMappingW + 2A 7C80944A 393 Bytes [ 53, 65, 74, 46, 69, 6C, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForMultipleObjectsEx + 18 7C8095D4 153 Bytes [ 53, 65, 74, 50, 72, 6F, 63, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForMultipleObjectsEx + B2 7C80966E 199 Bytes [ 53, 65, 74, 53, 79, 73, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetWaitableTimer + AD 7C809736 60 Bytes [ 53, 65, 74, 54, 68, 72, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetWaitableTimer + EA 7C809773 139 Bytes [ 53, 65, 74, 54, 69, 6D, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!InterlockedIncrement + 9 7C8097FF 106 Bytes [ 53, 65, 74, 56, 6F, 6C, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MulDiv + 14 7C80986A 20 Bytes [ 53, 69, 7A, 65, 6F, 66, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MulDiv + 29 7C80987F 236 Bytes [ 53, 6C, 65, 65, 70, 45, 78, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MulDiv + 116 7C80996C 71 Bytes [ 53, 65, 74, 56, 61, 6C, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCurrentProcessId + 4 7C8099B4 24 Bytes [ 54, 72, 69, 6D, 56, 69, 72, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LocalFree + E 7C8099CD 16 Bytes [ 72, 43, 72, 69, 74, 69, 63, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LocalFree + 1F 7C8099DE 104 Bytes [ 54, 7A, 53, 70, 65, 63, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LocalAlloc + 2A 7C809A47 425 Bytes [ 55, 6E, 6D, 61, 70, 56, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CloseHandle + 1A 7C809BF1 112 Bytes [ 56, 69, 72, 74, 75, 61, 6C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsSetValue + D 7C809C62 287 Bytes [ 57, 61, 69, 74, 46, 6F, 72, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MultiByteToWideChar + FA 7C809D82 185 Bytes [ 68, 61, 72, 61, 63, 74, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MultiByteToWideChar + 1B4 7C809E3C 107 Bytes [ 53, 74, 72, 69, 6E, 67, 41, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadReadPtr + 17 7C809EA8 148 Bytes [ 57, 72, 69, 74, 65, 50, 72, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadWritePtr + 34 7C809F3D 47 Bytes [ 5F, 6C, 6F, 70, 65, 6E, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadWritePtr + 64 7C809F6D 62 Bytes [ 6C, 73, 74, 72, 63, 6D, 70, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetUserDefaultLCID + C 7C809FAC 46 Bytes [ 6C, 73, 74, 72, 63, 70, 79, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetUserDefaultLCID + 3B 7C809FDB 25 Bytes [ 6C, 73, 74, 72, 6C, 65, 6E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetUserDefaultLCID + 55 7C809FF5 155 Bytes [ 4E, 54, 44, 4C, 4C, 2E, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadResource + 4C 7C80A091 45 Bytes [ 64, 65, 53, 79, 73, 74, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEvent + 18 7C80A0BF 90 Bytes [ 4E, 54, 44, 4C, 4C, 2E, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WaitForMultipleObjects + 2D 7C80A11A 354 Bytes [ 4E, 54, 44, 4C, 4C, 2E, 52, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WideCharToMultiByte + 119 7C80A27D 198 Bytes [ 74, 6C, 4D, 6F, 76, 65, 4D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WideCharToMultiByte + 1E0 7C80A344 14 Bytes [ 55, 8B, EC, 56, 57, 64, A1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WideCharToMultiByte + 1EF 7C80A353 193 Bytes [ F8, A1, C4, 56, 88, 7C, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringW + 27 7C80A415 44 Bytes [ C6, 5E, 5D, C2, 04, 00, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringW + 54 7C80A442 77 Bytes [ 89, 45, 10, 75, 05, BE, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringW + A2 7C80A490 61 Bytes [ 8B, 55, 14, 57, 8B, 7D, 18, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryPerformanceCounter + 17 7C80A4CE 3 Bytes [ 85, CC, 39 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryPerformanceCounter + 1C 7C80A4D3 45 Bytes [ 85, F6, 0F, 8D, D9, 24, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryPerformanceCounter + 4A 7C80A501 9 Bytes [ 00, 00, FF, 75, 1C, 8D, B0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryPerformanceCounter + 54 7C80A50B 72 Bytes [ 00, 8D, 45, F8, 50, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeW + 34 7C80A554 242 Bytes [ 89, 45, D8, FF, 75, D8, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeW + 127 7C80A647 32 Bytes [ 84, 33, A8, 03, 00, 8B, 06, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeW + 148 7C80A668 74 Bytes [ FF, FF, FF, FF, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadStringPtrW + 47 7C80A6B3 34 Bytes CALL 7C80A709 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ActivateActCtx + 2 7C80A6D6 20 Bytes [ 75, 0C, FF, 75, 08, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ActivateActCtx + 17 7C80A6EB 251 Bytes [ 81, FE, 25, 00, 00, 40, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetQueuedCompletionStatus + 3A 7C80A7E7 21 Bytes [ 83, 60, 34, 00, 8B, 84, 88, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetQueuedCompletionStatus + 50 7C80A7FD 41 Bytes [ 00, 00, F0, 0F, C1, 01, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetThreadPriority + 4 7C80A827 31 Bytes [ 01, F0, 0F, B1, 11, 75, FA, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetThreadPriority + 24 7C80A847 232 Bytes [ 4C, 24, 04, 8B, 44, 24, 08, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocalTime + CC 7C80A930 45 Bytes [ 54, 24, 0C, 73, 0B, F7, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocalTime + FA 7C80A95E 9 Bytes [ F7, D9, 51, D1, F9, 03, C1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocalTime + 104 7C80A968 166 Bytes [ 59, 3B, D1, 73, D3, F7, F1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocalTime + 1AC 7C80AA10 23 Bytes [ BA, 9E, 83, 7C, CD, 9E, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpiW + 2 7C80AA28 15 Bytes [ FF, F7, 45, 08, 8D, F0, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpiW + 12 7C80AA38 190 Bytes [ 89, 7D, E4, F6, 45, 08, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + 9B 7C80AAF7 33 Bytes [ 00, 00, 5D, C2, 10, 00, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + BD 7C80AB19 13 Bytes [ FF, 75, 18, FF, 75, 14, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + CB 7C80AB27 64 Bytes [ 0C, 50, FF, 75, 08, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + 10C 7C80AB68 30 Bytes JMP 7C8414FC C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpW + 12B 7C80AB87 90 Bytes [ 00, 00, 5D, C2, 0C, 00, 90, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessHeap 7C80AC51 235 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceExW + 25 7C80AD3D 116 Bytes [ FF, 0F, 85, F2, 21, 02, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceExW + 9A 7C80ADB2 12 Bytes [ 8C, 17, 24, 04, 00, 85, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemWindowsDirectoryW + 6 7C80ADBF 6 Bytes [ B6, 07, 8B, 4D, E0, 66 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemWindowsDirectoryW + D 7C80ADC6 213 Bytes [ 04, 41, 66, 89, 06, 8B, 4B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcAddress + 6C 7C80AE9C 47 Bytes [ FF, A1, 3C, 50, 88, 7C, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsProcessorFeaturePresent + 12 7C80AECC 23 Bytes [ 8D, 46, FF, F7, D0, 8B, C8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LoadLibraryW + 9 7C80AEE4 15 Bytes [ 00, 83, 4D, FC, FF, 33, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW 7C80AEF5 156 Bytes [ 90, 90, 90, FF, FF, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW + 9D 7C80AF92 4 Bytes [ 8C, F3, 9C, 03 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW + A2 7C80AF97 3 Bytes [ 5D, C2, 04 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW + A6 7C80AF9B 14 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExW + B6 7C80AFAB 25 Bytes [ 00, 8B, 80, 98, 0F, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeW 7C80B360 225 Bytes [ 90, 90, 90, 90, 8B, C1, 33, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDriveTypeW + E2 7C80B442 105 Bytes [ 83, 7A, 2C, 01, 0F, 84, 9A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 47 7C80B4AC 11 Bytes [ 80, C4, 00, 00, 00, C3, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 53 7C80B4B8 10 Bytes [ FF, 55, 8B, EC, 51, 51, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 5E 7C80B4C3 59 Bytes [ 75, 08, FF, 15, D8, 13, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 9A 7C80B4FF 1 Byte [ 08 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameW + 9C 7C80B501 19 Bytes [ 83, 7D, 94, 00, 0F, 84, 29, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + CB 7C80B62A 78 Bytes [ 0F, B6, 02, 0F, B7, 3C, 7E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + 11A 7C80B679 22 Bytes [ 4D, 0C, 85, C9, 74, 41, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + 131 7C80B690 86 Bytes [ 0F, B7, 00, 89, 45, E4, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + 188 7C80B6E7 17 Bytes [ 75, 08, 6A, 00, FF, 15, A0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleFileNameA + 19A 7C80B6F9 23 Bytes [ 33, C0, 40, 5D, C2, 08, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleA + 1F 7C80B750 82 Bytes [ 00, 57, FF, 75, 08, 8D, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleA + 73 7C80B7A4 100 Bytes [ C9, C2, 10, 00, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesW + 2D 7C80B809 43 Bytes [ 55, 14, 83, 22, 00, 3B, C1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesW + 59 7C80B835 161 Bytes [ FF, 75, 08, FF, 15, 38, 11, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!InitializeCriticalSectionAndSpinCount + 1E 7C80B8D7 79 Bytes [ 4D, F6, 66, 89, 48, 04, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MapViewOfFileEx + 1 7C80B927 15 Bytes [ 7D, 10, 33, C9, 66, 8B, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MapViewOfFileEx + 11 7C80B937 131 Bytes [ 75, 1C, 0F, 85, BD, 02, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MapViewOfFile + 26 7C80B9BB 22 Bytes [ 46, 46, 66, 3B, 0E, 89, 7D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!MapViewOfFile + 3D 7C80B9D2 94 Bytes [ 46, 46, 66, 3B, 0E, 89, 7D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQueryEx + 1 7C80BA31 19 Bytes [ 7D, 0C, 6A, FF, 57, 6A, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQueryEx + 15 7C80BA45 42 Bytes [ FF, 85, C0, 0F, 84, B1, 1F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQuery + F 7C80BA70 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQuery + 11 7C80BA72 2 Bytes [ 2F, FA ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VirtualQuery + 15 7C80BA76 38 Bytes CALL 7C80B3ED C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpynW + 1E 7C80BA9D 106 Bytes [ 5A, 20, 89, 5D, BC, 0F, 95, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpyW + 14 7C80BB08 78 Bytes [ 8B, 75, 1C, 66, 8B, 16, 33, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpi + 27 7C80BB58 3 Bytes [ A7, 61, 02 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcmpi + 2C 7C80BB5D 166 Bytes [ 65, D8, 00, 84, D2, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFileMappingA 7C80BC06 17 Bytes [ 90, 90, 6A, 28, 68, 40, AC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFileMappingA + 12 7C80BC18 5 Bytes [ 8B, 7D, 08, 81, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFileMappingA + 18 7C80BC1E 8 Bytes [ 00, 01, 00, 0F, 83, 3B, 79, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenFileMappingA + 21 7C80BC27 155 Bytes [ 89, 7D, E4, 83, 4D, FC, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceW + 65 7C80BCC3 7 Bytes [ 8D, 45, FC, 50, 6A, 0C, 6A ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceW + 6E 7C80BCCC 17 Bytes [ 15, 24, 12, 80, 7C, 8B, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceW + 80 7C80BCDE 101 Bytes [ FF, 55, 8B, EC, 51, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SizeofResource + 4B 7C80BD44 41 Bytes CALL 7C80BC06 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + F 7C80BD6E 56 Bytes CALL 7C80A982 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + 49 7C80BDA8 2 Bytes [ FF, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + 4C 7C80BDAB 17 Bytes [ FF, 1E, 0F, 84, 7C, 31, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + 5E 7C80BDBD 58 Bytes [ EC, 0F, B7, 05, 22, 51, 88, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsBadCodePtr + 99 7C80BDF8 72 Bytes [ 0F, B7, 05, 20, 51, 88, 7C, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpy + B 7C80BE9C 24 Bytes JMP 7C80A39C C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpy + 24 7C80BEB5 6 Bytes [ 90, 90, 90, 90, 90, 8B ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpy + 2B 7C80BEBC 32 Bytes [ 55, 8B, EC, 8B, 45, 08, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpy + 4C 7C80BEDD 114 Bytes [ 55, 8B, EC, 6A, 00, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceA + 37 7C80BF50 19 Bytes [ 45, F4, 02, FF, 4D, F0, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceA + 4B 7C80BF64 91 Bytes [ 00, 00, 80, 7D, FD, 05, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindResourceA + A7 7C80BFC0 39 Bytes [ FF, FF, 3B, C1, 0F, 82, 42, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemDefaultLCID + 1B 7C80BFE8 1 Byte [ 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemDefaultLCID + 1D 7C80BFEA 173 Bytes [ 8B, 55, 10, 8B, 4D, 0C, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeExW + 19 7C80C098 70 Bytes [ 89, 85, 74, FF, FF, FF, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetStringTypeExW + 60 7C80C0DF 24 Bytes [ FF, FF, E7, 8B, 45, 08, 33, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitThread + 11 7C80C0F9 42 Bytes [ 03, 00, 23, C2, 3D, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitThread + 3C 7C80C124 18 Bytes [ 8B, 75, F8, 66, 8B, 16, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitThread + 4F 7C80C137 53 Bytes [ 0F, 84, 0B, 11, 00, 00, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitThread + 85 7C80C16D 281 Bytes [ 75, 0F, 0F, B7, C1, 8B, 4F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + 87 7C80C287 8 Bytes [ C9, C2, 1C, 00, 42, 42, 43, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + 90 7C80C290 109 Bytes CALL 06713FCE
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + FE 7C80C2FE 112 Bytes [ 00, 46, 46, 4A, 75, D4, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + 170 7C80C370 130 Bytes [ 53, 8B, 5D, 08, 85, DB, 56, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FreeLibraryAndExitThread + 1F3 7C80C3F3 39 Bytes [ FB, FF, FF, 50, 6A, 17, 6A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LockResource + 2 7C80CD29 95 Bytes [ 85, C0, 0F, 8C, 79, 51, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + 51 7C80CD89 26 Bytes [ 00, 90, 90, 73, 00, 54, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + 6C 7C80CDA4 62 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + AC 7C80CDE4 65 Bytes [ 8B, 7D, 10, 2B, FE, D1, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + EE 7C80CE26 122 Bytes [ 46, 46, 41, FF, 4D, 0C, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!LCMapStringW + 169 7C80CEA1 27 Bytes [ 8B, 4D, 0C, 8B, 55, 08, 8A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + 4F 7C80D156 28 Bytes [ 00, 00, 93, 49, 84, 7C, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + 6C 7C80D173 4 Bytes JMP 7C80C6C6 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + 71 7C80D178 66 Bytes [ 90, 90, 90, 90, 90, 64, A1, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + B4 7C80D1BB 48 Bytes [ 6A, 03, FF, 75, 08, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CompareStringA + E5 7C80D1EC 8 Bytes [ 68, 0D, 00, 00, C0, E8, 07, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + D6 7C80D3C8 4 Bytes [ B8, C7, 80, 7C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + DB 7C80D3CD 2 Bytes [ FB, 87 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + DE 7C80D3D0 7 Bytes [ A4, C7, 80, 7C, 08, FD, 87 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + E6 7C80D3D8 7 Bytes [ 90, C7, 80, 7C, 08, FD, 87 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoA + EE 7C80D3E0 6 Bytes [ 78, C7, 80, 7C, D4, FC ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + 10 7C80DE9E 55 Bytes [ 2D, FA, 00, 00, 00, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + 48 7C80DED6 94 Bytes [ C1, 5F, 5E, 5B, 5D, C2, 18, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + A7 7C80DF35 36 Bytes [ 04, 46, 66, 03, 02, 66, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + CC 7C80DF5A 50 Bytes [ 83, 7D, 14, 00, 0F, 85, A2, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DuplicateHandle + FF 7C80DF8D 85 Bytes [ A1, A8, 50, 88, 7C, 8B, 98, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 3C 7C80E509 54 Bytes [ D9, 80, 7C, 86, F5, 87, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 73 7C80E540 3 Bytes [ A0, D8, 80 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 77 7C80E544 4 Bytes [ 86, F5, 87, 7C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 7C 7C80E549 139 Bytes [ D8, 80, 7C, B9, F5, 87, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetModuleHandleW + 108 7C80E5D5 233 Bytes [ F6, 87, 7C, 74, D7, 80, 7C, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathW + 1F 7C80E78B 81 Bytes [ 90, 52, 65, 67, 69, 73, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathW + 71 7C80E7DD 145 Bytes [ 90, 90, 90, 4F, 65, 6D, 54, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SearchPathW + 103 7C80E86F 285 Bytes [ 90, 47, 65, 74, 57, 69, 6E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexW + 46 7C80E98D 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexW + 4A 7C80E991 17 Bytes [ 6E, 75, 6D, 44, 65, 73, 6B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexW + 5C 7C80E9A3 20 Bytes [ 90, 45, 6E, 64, 50, 61, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexW + 71 7C80E9B8 41 Bytes [ 4D, 65, 73, 73, 61, 67, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateMutexA + 13 7C80E9E2 223 Bytes [ 90, 90, 44, 65, 66, 57, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenMutexA + 18 7C80EAC3 7 Bytes [ 00, 9D, F9, 87, 7C, 03, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenMutexA + 21 7C80EACC 30 Bytes [ C1, FD, 87, 7C, 04, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenMutexA + 40 7C80EAEB 87 Bytes [ 00, AA, 60, 82, 7C, 11, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + 36 7C80EB43 14 Bytes [ 00, B4, FD, 87, 7C, 2B, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + 45 7C80EB52 13 Bytes [ 00, 00, 4F, F1, 87, 7C, 3B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + 53 7C80EB60 55 Bytes [ 3E, 00, 00, 00, 88, F9, 87, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + 8B 7C80EB98 35 Bytes [ 48, 00, 00, 00, E0, 01, 88, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileExW + AF 7C80EBBC 126 Bytes [ E0, 01, 88, 7C, 55, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + 4 7C80EE6B 125 Bytes [ 00, 04, FB, 87, 7C, D0, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + 82 7C80EEE9 24 Bytes [ 50, FF, 75, 08, FF, 15, CC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + 9C 7C80EF03 25 Bytes [ C2, 1C, 00, 90, 90, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + B6 7C80EF1D 6 Bytes [ 6A, 00, 68, 2C, DF, 80 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindClose + BD 7C80EF24 7 Bytes [ FF, 75, 08, E8, 76, 2C, 07 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileW + 1A 7C80EF8B 217 Bytes [ 00, 00, 8B, 44, 24, 24, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + 9B 7C80F065 74 Bytes [ 15, 8C, 11, 80, 7C, 8B, 35, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + E6 7C80F0B0 6 Bytes [ 05, 00, 00, 00, 03, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + EE 7C80F0B8 11 Bytes [ 04, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + FA 7C80F0C4 9 Bytes [ 00, 00, 00, 00, 02, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindNextFileW + 106 7C80F0D0 41 Bytes [ 05, 00, 00, 00, 04, 00, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableW + 64 7C80F1E8 12 Bytes [ A1, 4C, 53, 88, 7C, 3B, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableW + 71 7C80F1F5 267 Bytes JMP 7C8449D9 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableW + 17E 7C80F302 253 Bytes [ 90, 90, 90, 6A, 44, 68, 08, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + 82 7C80F400 14 Bytes [ FF, FF, 90, 90, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + 91 7C80F40F 3 Bytes [ 00, 76, 3A ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + 95 7C80F413 3 Bytes [ 7C, 00, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + 99 7C80F417 18 Bytes [ 00, 00, 00, 00, 00, AD, 39, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetCurrentDirectoryW + AC 7C80F42A 2 Bytes [ 75, E4 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetPrivateProfileStringW + 25 7C80FA12 1 Byte [ 0C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetPrivateProfileStringW + 28 7C80FA15 52 Bytes CALL 7C80F946 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetPrivateProfileStringW + 5D 7C80FA4A 11 Bytes [ 45, F4, 50, FF, 15, 40, 10, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetPrivateProfileStringW + 69 7C80FA56 72 Bytes [ DC, 18, 00, 00, 00, E8, 7D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + 2A 7C80FA9F 17 Bytes [ FC, 5B, 5E, C9, C2, 0C, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + 3C 7C80FAB1 38 Bytes [ 51, 83, 7D, 10, 00, 56, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + 63 7C80FAD8 1 Byte [ 8D ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + 65 7C80FADA 60 Bytes [ F8, 50, 56, FF, 15, 88, 10, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVolumeInformationW + A3 7C80FB18 44 Bytes [ 83, 7D, 0C, 01, A1, CC, 56, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 3E 7C80FCFD 13 Bytes [ 66, 83, F9, 2A, 0F, 84, A0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 4C 7C80FD0B 1 Byte [ FD ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 4E 7C80FD0D 26 Bytes JMP EF523852
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 69 7C80FD28 17 Bytes [ FD, FF, FF, 50, 6A, 01, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalFree + 7B 7C80FD3A 16 Bytes [ FF, 50, 8D, 85, 64, FD, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + 6E 7C80FE2B 8 Bytes [ B5, 90, FD, FF, FF, E8, DC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + 78 7C80FE35 43 Bytes [ 3B, C3, 0F, 84, 7E, DC, 02, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + A4 7C80FE61 40 Bytes [ FF, 90, 90, 90, 90, 90, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + CD 7C80FE8A 32 Bytes [ 89, 75, DC, 8D, 7E, 14, 57, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalAlloc + EE 7C80FEAB 27 Bytes [ 15, 8C, 11, 80, 7C, 53, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalUnlock + 23 7C80FF35 2 Bytes [ 0C, 10 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalUnlock + 27 7C80FF39 95 Bytes [ 8B, F0, 33, FF, 3B, F7, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalUnlock + 87 7C80FF99 10 Bytes [ B5, 90, FD, FF, FF, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalUnlock + 92 7C80FFA4 102 Bytes [ 56, EB, E4, 3B, D3, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + 62 7C81000B 62 Bytes [ 8B, 77, 08, 89, 75, CC, 39, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + A1 7C81004A 49 Bytes [ 47, 10, 8B, 46, 18, 89, 47, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + D3 7C81007C 60 Bytes [ 5C, 47, 2C, 0F, BE, 46, 44, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + 110 7C8100B9 16 Bytes CALL 7C80350E C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalLock + 122 7C8100CB 2 Bytes [ FF, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateSemaphoreW + 14 7C81012A 84 Bytes [ 75, E4, 53, 8B, 40, 30, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateSemaphoreW + 69 7C81017F 146 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpyn + 71 7C810212 28 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcpyn + 8E 7C81022F 66 Bytes [ 3B, C7, 0F, 84, 52, 09, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + 24 7C810272 129 Bytes [ 33, FF, 47, 8B, 4D, FC, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + A6 7C8102F4 15 Bytes CALL 7C80A790 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + B6 7C810304 63 Bytes [ 55, 8B, EC, 51, 51, 56, 57, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + F6 7C810344 177 Bytes [ F8, 66, 83, 7D, F8, 06, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetEnvironmentVariableW + 1A8 7C8103F6 15 Bytes [ 80, 7D, 0C, 00, C6, 85, 38, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + 21 7C8104DD 102 Bytes [ 4D, FC, 5F, 5E, 5B, E8, AB, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + 88 7C810544 28 Bytes CALL 7C810768 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + A6 7C810562 321 Bytes [ 15, C8, 11, 80, 7C, D1, E0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + 1E8 7C8106A4 16 Bytes [ 47, 01, 39, 5D, 20, 0F, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateRemoteThread + 1F9 7C8106B5 73 Bytes [ 8D, 51, 01, 66, 89, 56, 32, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateThread + 38 7C8106FF 36 Bytes [ 8B, 09, 89, 4E, 50, 38, 5D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SwitchToFiber + 22 7C810724 70 Bytes [ 8B, 06, 83, F8, 05, 74, 09, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SwitchToFiber + 69 7C81076B 20 Bytes [ FF, 55, 8B, EC, 8B, 4D, 0C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SwitchToFiber + 7E 7C810780 110 Bytes [ 6A, 02, 5A, 66, 83, 38, 20, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW 7C8107F0 3 Bytes [ 90, 90, 90 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW + 4 7C8107F4 98 Bytes [ FF, 55, 8B, EC, 56, 57, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW + 67 7C810857 9 Bytes CALL E5810859
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW + 71 7C810861 4 Bytes [ 85, D8, FD, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateFileW + 76 7C810866 277 Bytes [ 50, C7, 85, EC, FD, FF, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSizeEx + 3B 7C810AD4 11 Bytes [ 34, 1C, 03, 00, C7, 45, 94, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSizeEx + 47 7C810AE0 75 Bytes [ 5D, 98, C7, 45, A0, 40, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 25 7C810B2C 10 Bytes [ 15, 14, 10, 80, 7C, 89, BE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 30 7C810B37 12 Bytes [ 3B, C3, 0F, 8C, 2C, 90, 02, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 3D 7C810B44 18 Bytes CALL 7C810210 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 50 7C810B57 12 Bytes [ 00, 00, FF, 75, D8, 53, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileSize + 5D 7C810B64 119 Bytes [ 15, 10, 10, 80, 7C, 39, 5D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SystemTimeToFileTime + 30 7C810BDC 19 Bytes [ 45, C4, 3B, C3, 0F, 8C, 9C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SystemTimeToFileTime + 44 7C810BF0 72 Bytes [ FC, 01, 00, 00, 00, 39, 5D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 1B 7C810C39 9 Bytes [ 45, 18, 3B, C3, 0F, 85, D8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 25 7C810C43 19 Bytes [ 8B, 45, 1C, 3B, C3, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 3A 7C810C58 6 Bytes [ 83, 4D, FC, FF, E8, 2C ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 42 7C810C60 28 Bytes CALL 7C80350D C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFilePointer + 5F 7C810C7D 156 Bytes [ 00, 00, 00, A7, 17, 84, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + 1D 7C810D1A 31 Bytes [ 8B, 5E, 04, 89, 5D, E4, 56, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + 3D 7C810D3A 35 Bytes [ 15, 10, 10, 80, 7C, 84, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + 61 7C810D5E 10 Bytes [ FF, C2, 04, 00, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + 6D 7C810D6A 62 Bytes [ FF, FF, 94, 04, 84, 7C, A7, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileInformationByHandle + AC 7C810DA9 94 Bytes [ 85, DB, 75, 83, EB, 98, 6A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 1D 7C810E34 7 Bytes [ 00, 10, 00, 0B, 45, E4, 50 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 25 7C810E3C 17 Bytes [ 35, A4, 53, 88, 7C, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 37 7C810E4E 50 Bytes [ 0F, 84, 01, 02, 03, 00, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 6A 7C810E81 8 Bytes [ 0F, 94, C0, 8D, 04, C5, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteFile + 74 7C810E8B 18 Bytes [ 66, 89, 06, F6, 45, 09, 01, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileType + E 7C810EEF 51 Bytes [ 0B, 45, E4, 50, FF, 35, A4, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileType + 42 7C810F23 36 Bytes [ 00, 00, 8B, 5D, 08, F6, C3, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileType + 67 7C810F48 19 Bytes [ 88, 7C, FF, 15, B8, 12, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileType + 7B 7C810F5C 122 Bytes [ 46, 02, 8D, 48, FF, 66, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 15 7C810FD7 6 Bytes [ DC, 56, 68, E0, 50, 88 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 1C 7C810FDE 13 Bytes [ FF, 15, B8, 12, 80, 7C, 84, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 2A 7C810FEC 7 Bytes [ 8B, 7E, 04, 89, 7D, E4, 85 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 32 7C810FF4 16 Bytes [ 0F, 84, A2, 02, 03, 00, 33, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!lstrcatW + 43 7C811005 124 Bytes [ 4E, 02, 66, 3D, FF, 00, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 11 7C811082 63 Bytes [ 3B, C3, 0F, 8C, 02, A9, 02, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 51 7C8110C2 2 Bytes [ 66, 8B ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 54 7C8110C5 4 Bytes CALL 7C803510 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 59 7C8110CA 6 Bytes [ FF, C2, 0C, 00, 90, 90 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenConsoleW + 60 7C8110D1 2 Bytes [ FF, FF ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidCodePage + 25 7C811180 82 Bytes [ 00, 00, 40, 0F, 85, 58, BE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExW + 4E 7C8111D3 50 Bytes [ E4, 41, 89, 4D, E0, FF, 4D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExW + 81 7C811206 72 Bytes [ 90, 90, 90, 90, 90, FF, 25, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExW + CA 7C81124F 11 Bytes [ FF, 55, 8B, EC, 83, EC, 10, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExW + D6 7C81125B 18 Bytes [ 35, C0, 13, 80, 7C, 8D, 45, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + 4 7C81126E 9 Bytes [ 75, 24, 6A, 00, 8D, 45, F8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + E 7C811278 22 Bytes [ FF, 15, 10, 14, 80, 7C, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + 25 7C81128F 41 Bytes [ 33, C0, 40, EB, F6, FF, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + 51 7C8112BB 77 Bytes [ 8B, 48, 30, 64, A1, 18, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersion + 9F 7C811309 9 Bytes [ FF, 8B, C2, 8D, 44, 06, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 11 7C811337 6 Bytes [ 8B, 40, 30, 8B, 88, 08 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 19 7C81133F 21 Bytes [ 00, 85, C9, 8B, 45, 0C, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 30 7C811356 43 Bytes [ 8D, 44, 06, FF, 23, C2, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 5C 7C811382 1 Byte [ 20 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisableThreadLibraryCalls + 5E 7C811384 19 Bytes [ 00, 8D, 45, 10, 50, 6A, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesA + D 7C8115D9 14 Bytes [ FF, 3B, C3, 0F, 8C, B8, A5, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesA + 1C 7C8115E8 18 Bytes [ 0F, 85, B3, 4C, 02, 00, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 9 7C8115FB 15 Bytes [ 8B, 85, 50, FC, FF, FF, 89, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 19 7C81160B 12 Bytes [ FF, FF, 89, 85, 50, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 27 7C811619 17 Bytes [ 89, 85, 54, FF, FF, FF, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 3B 7C81162D 82 Bytes [ 50, FF, 15, 34, 10, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLocaleInfoW + 8E 7C811680 21 Bytes [ 8B, 85, 50, FC, FF, FF, 8B, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + 35 7C81247E 81 Bytes [ FF, 8D, 45, F0, 50, E8, E7, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + 87 7C8124D0 20 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + 9C 7C8124E5 70 Bytes [ 00, 48, 0F, 85, 34, CF, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + E3 7C81252C 46 Bytes [ 83, F8, 5C, 74, 0A, 66, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GlobalReAlloc + 112 7C81255B 134 Bytes [ D8, F1, 01, 00, 8B, 55, 0C, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 18 7C8126E9 3 Bytes [ 71, 0B, 00 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 1C 7C8126ED 34 Bytes [ 3B, 85, 54, FF, FF, FF, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 3F 7C812710 22 Bytes [ 83, C4, 0C, 66, 83, 64, 7E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 57 7C812728 1 Byte [ 10 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FlushFileBuffers + 59 7C81272A 23 Bytes [ 8B, 3D, 9C, 57, 88, 7C, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisconnectNamedPipe + 13 7C812742 54 Bytes [ C1, E7, 10, 0B, F8, 0B, F9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!DisconnectNamedPipe + 4A 7C812779 15 Bytes [ 0F, 84, 83, 7C, 02, 00, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!PostQueuedCompletionStatus + 7 7C812789 50 Bytes [ 33, C0, EB, 8E, 8B, 47, 04, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ChangeTimerQueueTimer + A 7C8127BD 15 Bytes [ 0F, 85, 00, 0A, 00, 00, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ChangeTimerQueueTimer + 1A 7C8127CD 57 Bytes [ 50, 0F, B7, 45, 08, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ChangeTimerQueueTimer + 55 7C812808 11 Bytes [ FF, 0A, 00, 00, 00, 83, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileAttributesA + 2 7C812814 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileAttributesA + 4 7C812816 7 Bytes [ 77, 08, C7, 85, 58, FF, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileAttributesA + C 7C81281E 29 Bytes [ 0A, 00, 00, 00, 83, C6, 32, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetOEMCP + 5 7C81283C 81 Bytes JMP 7C8126B9 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemDefaultLangID + 4C 7C81288E 26 Bytes JMP 7C81C5F6 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + 16 7C8128A9 79 Bytes [ 00, 48, 74, DC, 66, 83, A5, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + 66 7C8128F9 25 Bytes [ 83, F8, 32, 74, 8B, 83, F8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + 82 7C812915 114 Bytes JMP 7C8126B9 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + F5 7C812988 31 Bytes [ FF, FF, 30, 0F, 84, 60, 9C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetDiskFreeSpaceExW + 115 7C8129A8 4 Bytes [ 85, AC, 9C, 00 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RaiseException + 5F 7C812AF8 193 Bytes [ 66, 3B, CA, 74, 0F, 40, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + 4C 7C812BBA 21 Bytes [ 00, 83, F8, 64, 0F, 84, 76, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + 62 7C812BD0 2 Bytes [ 5C, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + 66 7C812BD4 27 Bytes JMP 7C81C5F8 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + 82 7C812BF0 29 Bytes [ C9, 75, F0, 03, C3, 68, 34, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetVersionExA + A0 7C812C0E 46 Bytes JMP 7C8126B8 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessVersion + 20 7C812CD3 34 Bytes CALL 7C81311C C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessVersion + 43 7C812CF6 19 Bytes JMP 7C8126B7 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessVersion + 57 7C812D0A 156 Bytes [ FF, 8B, 47, 04, 0F, B7, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetProcessVersion + F4 7C812DA7 75 Bytes [ FF, FF, 8B, 77, 08, 81, C6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemInfo + F 7C812DF5 10 Bytes [ FF, B5, 50, FF, FF, FF, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemInfo + 1A 7C812E00 53 Bytes [ FF, FF, B5, 58, FF, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsAlloc + 7 7C812E36 24 Bytes [ 8D, 17, 81, 7C, 0E, 52, 83, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsAlloc + 20 7C812E4F 8 Bytes [ 18, 81, 7C, A9, 16, 81, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsAlloc + 29 7C812E58 137 Bytes [ 83, 7C, 9A, 84, 83, 7C, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateSemaphoreA + 35 7C812EE2 108 Bytes [ 58, C4, 81, 7C, 64, C4, 81, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCPInfo + 8D 7C812F93 30 Bytes [ 18, 81, 7C, 86, B4, 81, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetCommandLineA + 5 7C812FB2 153 Bytes [ 89, 18, 81, 7C, 3A, B5, 81, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ProcessIdToSessionId + 33 7C81304C 1 Byte [ 72 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ProcessIdToSessionId + 35 7C81304E 48 Bytes [ 79, 00, 00, 00, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ProcessIdToSessionId + 66 7C81307F 159 Bytes [ 8B, 77, 08, 83, C6, 3E, E9, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetUserDefaultUILanguage + 20 7C813120 33 Bytes [ 8B, FF, 55, 8B, EC, 53, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 20 7C813143 40 Bytes [ 0F, 8D, E6, 81, 01, 00, BE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 49 7C81316C 5 Bytes [ 0F, 85, 76, A9, 03 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 4F 7C813172 23 Bytes [ 3B, 98, 60, 18, 00, 00, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 69 7C81318C 44 Bytes [ 56, 8B, D8, FF, 15, 8C, 11, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsDebuggerPresent + 96 7C8131B9 138 Bytes [ 33, C0, 40, 5F, 5E, 5B, 5D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventW + 74 7C813244 7 Bytes [ 73, 00, 31, 00, 31, 00, 35 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventW + 7C 7C81324C 37 Bytes [ 39, 00, 00, 00, 39, 75, 14, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventW + A2 7C813272 64 Bytes [ C1, 66, 8B, 32, 66, 85, F6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventA + 18 7C8132B4 45 Bytes [ 00, 66, 8B, 72, 08, 66, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventA + 46 7C8132E2 132 Bytes [ 0F, 84, 80, 00, 00, 00, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventA + CB 7C813367 16 Bytes [ FF, 5E, C3, 3B, DA, 74, 26, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!OpenEventA + DC 7C813378 18 Bytes [ 51, 68, A0, 23, 81, 7C, 68, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WTSGetActiveConsoleSessionId + D 7C81338B 24 Bytes [ FF, 85, C0, 0F, 85, 2F, FE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WTSGetActiveConsoleSessionId + 26 7C8133A4 11 Bytes [ 65, 00, 63, 00, 69, 00, 6D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WTSGetActiveConsoleSessionId + 33 7C8133B1 53 Bytes [ 00, 3B, DA, 74, 26, 6A, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 5 7C8133E8 26 Bytes [ 73, 00, 54, 00, 68, 00, 6F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 20 7C813403 8 Bytes [ FF, 6A, 01, 6A, 50, 8D, 8D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 29 7C81340C 9 Bytes [ FF, FF, 51, 68, 30, 24, 81, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 33 7C813416 23 Bytes [ 05, 00, 00, 50, FF, 75, 08, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetLongPathNameW + 4C 7C81342F 20 Bytes [ 90, 73, 00, 47, 00, 72, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 31 7C813798 43 Bytes [ 08, FF, 15, 1C, 12, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 5D 7C8137C4 14 Bytes [ 85, C0, 0F, 84, 7F, 26, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 6D 7C8137D4 15 Bytes [ 0C, 50, FF, 15, 4C, 15, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 7D 7C8137E4 18 Bytes [ 33, C0, 40, 5D, C2, 10, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TlsFree + 91 7C8137F8 38 Bytes JMP 7C811816 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFileAttributesExA 7C813841 57 Bytes [ 90, 66, A1, A8, 53, 88, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + 12 7C81387B 40 Bytes JMP 7C814AB5 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + 3B 7C8138A4 6 Bytes [ C7, 45, FC, 5C, 00, 66 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + 42 7C8138AB 111 Bytes CALL CF813B9D
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + B2 7C81391B 40 Bytes [ 70, 18, FF, 15, 10, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!FindFirstFileA + DB 7C813944 50 Bytes [ C0, 0F, 8C, C5, D9, 01, 00, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + 2F 7C8139BB 43 Bytes [ 83, FE, 2A, 0F, 85, D7, 95, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + 5B 7C8139E7 61 Bytes [ 3C, 20, 0F, 82, 99, 95, 03, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + 99 7C813A25 90 Bytes [ D0, 01, 00, 00, 00, 33, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + F4 7C813A80 47 Bytes [ 89, 2A, 81, 7C, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetFullPathNameA + 124 7C813AB0 20 Bytes [ 75, 14, 83, E0, 01, 85, F6, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 16 7C814B98 15 Bytes [ A5, 00, 00, 00, 40, FE, 87, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 26 7C814BA8 9 Bytes [ AA, 00, 00, 00, 88, F9, 87, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 30 7C814BB2 7 Bytes [ 00, 00, 4F, F1, 87, 7C, AC ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 39 7C814BBB 3 Bytes [ 00, D8, FA ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentVariableA + 3D 7C814BBF 2 Bytes [ 7C, AE ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetSystemDirectoryA + 16 7C814F90 252 Bytes [ 38, 40, 81, 7C, 47, F7, 87, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!NlsConvertIntegerToString + A1 7C81508D 55 Bytes [ 90, 90, 90, 53, 74, 67, 43, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!NlsConvertIntegerToString + D9 7C8150C5 154 Bytes [ 90, 90, 90, 52, 65, 67, 69, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!NlsConvertIntegerToString + 174 7C815160 169 Bytes [ 4F, 6C, 65, 52, 75, 6E, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseUpdateAppcompatCache + 5A 7C81520A 22 Bytes [ 90, 90, 4F, 6C, 65, 49, 6E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseUpdateAppcompatCache + 71 7C815221 101 Bytes [ 74, 43, 6C, 69, 70, 62, 6F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + 5F 7C815288 12 Bytes [ 47, 65, 74, 48, 47, 6C, 6F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + 6C 7C815295 89 Bytes [ 6D, 53, 74, 72, 65, 61, 6D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + C6 7C8152EF 114 Bytes [ 90, 43, 72, 65, 61, 74, 65, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + 139 7C815362 44 Bytes [ 90, 90, 43, 72, 65, 61, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsWow64Process + 166 7C81538F 45 Bytes [ 90, 43, 72, 65, 61, 74, 65, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 20E 7C8156FA 39 Bytes [ 00, 00, F8, 06, 88, 7C, 6A, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 236 7C815722 72 Bytes [ 00, 00, 56, F9, 87, 7C, 7E, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 280 7C81576C 5 Bytes [ 18, 07, 88, 7C, 88 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 286 7C815772 7 Bytes [ 00, 00, D8, FA, 87, 7C, 89 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateActCtxW + 28E 7C81577A 9 Bytes [ 00, 00, 33, FE, 87, 7C, 8A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + 11 7C81637C 6 Bytes [ 24, FF, 75, 0C, E8, 5B ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + 18 7C816383 9 Bytes [ 00, 00, 8B, F8, 3B, FE, 0F, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + 22 7C81638D 136 Bytes [ 00, 00, 8B, C7, 5F, 5E, 5B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + AB 7C816416 96 Bytes [ FF, 73, 04, 89, 55, C4, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!QueryActCtxW + 10C 7C816477 15 Bytes CALL 7C8164E1 C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + C 7C816569 103 Bytes [ F3, AB, 66, AB, 89, 9D, 60, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + 74 7C8165D1 5 Bytes [ 0F, 85, 1D, 09, 03 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + 7A 7C8165D7 42 Bytes [ F6, 85, 70, FD, FF, FF, 08, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + A5 7C816602 23 Bytes [ 00, 0F, 85, 10, A7, 01, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseInitAppcompatCache + BD 7C81661A 32 Bytes [ 85, 74, FD, FF, FF, 3B, C3, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + C 7C816873 25 Bytes [ FF, 50, FF, B5, 60, FD, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + 26 7C81688D 25 Bytes [ FF, 10, 0F, 85, C1, 58, 01, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + 42 7C8168A9 21 Bytes [ 57, FF, 15, D8, 15, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + 58 7C8168BF 12 Bytes [ FF, 33, F6, 33, FF, 39, BD, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseCheckAppcompatCache + 65 7C8168CC 14 Bytes [ F7, 09, 03, 00, FF, B5, 90, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + 32 7C817050 27 Bytes [ 70, 18, FF, 15, 10, 10, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + 4E 7C81706C 52 Bytes [ 74, 1A, 3B, C8, 0F, 85, D8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + 83 7C8170A1 43 Bytes [ FF, 3B, CF, 66, 89, 85, CA, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + B0 7C8170CE 5 Bytes [ 89, 8D, 6C, FD, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!RegisterWaitForInputIdle + B6 7C8170D4 12 Bytes [ 3B, C7, 89, 85, 60, FD, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + BA 7C81758D 12 Bytes [ 00, A1, E0, 57, 88, 7C, 3B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + C8 7C81759B 35 Bytes CALL 7C80352D C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + EC 7C8175BF 39 Bytes [ 88, 7C, 0F, 84, 92, 75, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + 115 7C8175E8 2 Bytes [ 8C, 11 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BaseProcessInitPostImport + 119 7C8175EC 30 Bytes [ C3, 90, 90, 90, 90, 90, 6A, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + 13 7C818020 16 Bytes [ 55, 8B, EC, 8B, 45, 08, A3, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + 24 7C818031 2 Bytes [ CF, 49 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + 28 7C818035 160 Bytes [ BF, 7B, 00, 00, C0, E9, 32, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + C9 7C8180D6 22 Bytes [ FF, 15, 34, 10, 80, 7C, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetNlsSectionName + E0 7C8180ED 1 Byte [ FF ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + 19 7C8195BC 74 Bytes [ B6, 6C, 01, 00, 00, 85, F6, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + 64 7C819607 58 Bytes [ 8B, 40, 30, 68, B0, 87, 81, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + 9F 7C819642 2 Bytes [ C7, C7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + A2 7C819645 17 Bytes [ EC, FB, FF, FF, 04, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!BasepCheckWinSaferRestrictions + B4 7C819657 12 Bytes [ 00, 8D, 85, FC, FD, FF, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 238 Bytes [ 44, 00, 4C, 00, 4C, 00, 21, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + F3 7C81988F 5 Bytes [ FF, 50, E8, 3B, F7 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + F9 7C819895 1 Byte [ FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + FB 7C819897 68 Bytes [ C0, 0F, 85, 15, 7E, 02, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!CreateProcessInternalW + 140 7C8198DC 21 Bytes [ 3D, 2C, 50, 88, 7C, 66, A3, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetExitCodeProcess + 25 7C81AB60 170 Bytes [ FF, 8B, 8D, 48, FE, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VerifyConsoleIoHandle + 3D 7C81AC0B 2 Bytes [ B8, FD ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VerifyConsoleIoHandle + 41 7C81AC0F 12 Bytes [ 51, 8D, 8D, 6C, F8, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!VerifyConsoleIoHandle + 4F 7C81AC1D 73 Bytes [ 51, 8D, 8D, 9C, F8, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 2F 7C81AC67 35 Bytes [ B5, 94, F9, FF, FF, FF, 15, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 54 7C81AC8C 37 Bytes [ 39, 9D, A4, F7, FF, FF, 74, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 7A 7C81ACB2 16 Bytes [ 15, 0C, 10, 80, 7C, 8B, F8, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 8B 7C81ACC3 2 Bytes [ 5C, 8B ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleMode + 8E 7C81ACC6 15 Bytes [ 00, 8D, 85, 60, F9, FF, FF, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleOutputCP + 3C 7C81AEEB 45 Bytes [ 66, 89, 9E, 90, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + A 7C81AF1A 12 Bytes [ F6, 85, 8C, F7, FF, FF, 40, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + 17 7C81AF27 19 Bytes [ F6, 85, 8C, F7, FF, FF, 80, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + 2B 7C81AF3B 8 Bytes [ 46, 1C, 3B, C3, 0F, 85, 70, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + 35 7C81AF45 8 Bytes [ 6A, 26, 59, 8D, B5, 90, FC, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleMode + 3E 7C81AF4E 15 Bytes [ 8B, FE, F3, A5, 39, 9D, B8, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadUILanguage + 32 7C81AFAA 84 Bytes [ 00, F6, 45, 20, 04, 75, 13, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadUILanguage + 87 7C81AFFF 86 Bytes [ FF, 89, 46, 04, 8B, 85, 18, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadUILanguage + DE 7C81B056 21 Bytes [ 9D, 04, F8, FF, FF, 0F, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadUILanguage + F4 7C81B06C 29 Bytes [ FF, 0F, 85, B7, 00, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + 15 7C81B08A 10 Bytes [ FF, 39, 9D, B4, F7, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + 21 7C81B096 114 Bytes [ 00, 89, 9D, 60, F8, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + 94 7C81B109 21 Bytes [ 00, 00, 89, 85, 18, F6, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + AA 7C81B11F 81 Bytes [ 15, 10, 10, 80, 7C, 8B, 35, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleInputExeNameW + FD 7C81B172 25 Bytes [ B5, 28, F8, FF, FF, 53, 8B, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + 20 7C81B2CB 21 Bytes [ 8D, 85, 7C, FF, FF, FF, 50, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + 36 7C81B2E1 136 Bytes [ 00, 33, F6, 39, 9D, 60, FE, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + BF 7C81B36A 112 Bytes [ 4F, 14, 89, 8D, 5C, F7, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + 130 7C81B3DB 57 Bytes [ FF, EB, A1, 90, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetConsoleCtrlHandler + 16A 7C81B415 21 Bytes [ 8B, 5D, 18, 8B, 4D, 1C, 89, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + 88 7C81B7E4 1 Byte [ 50 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + 8A 7C81B7E6 11 Bytes [ B5, 80, FD, FF, FF, 8B, 3D, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + 96 7C81B7F2 24 Bytes [ D7, 89, 85, 74, FD, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + AF 7C81B80B 12 Bytes [ 00, 0F, 8C, 0E, 94, 02, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleTitleW + BC 7C81B818 40 Bytes [ 89, 01, F6, 45, 2B, 10, 0F, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 2 7C81B8DC 24 Bytes [ FF, FF, B5, 80, FD, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 1B 7C81B8F5 19 Bytes [ 6A, 04, 8D, 85, C0, FD, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 30 7C81B90A 9 Bytes [ 50, FF, B5, 80, FD, FF, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 3A 7C81B914 16 Bytes [ 85, 74, FD, FF, FF, 85, C0, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetThreadLocale + 4B 7C81B925 12 Bytes [ 0F, 85, 43, 93, 02, 00, 83, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo 7C81B94B 4 Bytes [ 90, 64, A1, 18 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo + 5 7C81B950 41 Bytes [ 00, 00, 89, 85, 30, FD, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo + 2F 7C81B97A 72 Bytes [ FF, FF, 15, 90, 14, 80, 7C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo + 78 7C81B9C3 111 Bytes [ 2A, 01, 00, 00, 8B, D8, 85, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetConsoleScreenBufferInfo + E8 7C81BA33 26 Bytes [ 47, 04, 8B, 08, 89, 4D, E0, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 17 7C81C1C2 7 Bytes [ 00, 00, 83, BD, F4, FD, FF ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 20 7C81C1CB 12 Bytes [ 0F, 84, AD, 00, 00, 00, 8B, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 2D 7C81C1D8 31 Bytes [ 85, EC, FD, FF, FF, 50, BB, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 4D 7C81C1F8 79 Bytes [ FF, FF, D6, BF, 1A, 00, 00, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!IsValidLocale + 9E 7C81C249 8 Bytes [ F8, FD, FF, FF, 8D, 85, EC, ... ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!ExitProcess + 6 7C81CB00 289 Bytes [ 02, 5F, 03, CF, 66, 39, 31, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!TerminateThread + FF 7C81CC22 67 Bytes [ 66, 89, 79, 16, 74, 3F, 66, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!WriteConsoleA + 21 7C81CC66 35 Bytes [ FF, 5F, 5E, C3, 90, 90, 90, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + F 7C81CC8A 1 Byte [ 68 ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + 11 7C81CC8C 15 Bytes [ 69, 00, 6E, 00, 65, 00, 5C, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + 21 7C81CC9C 11 Bytes [ 65, 00, 6D, 00, 5C, 00, 43, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + 2D 7C81CCA8 5 Bytes [ 72, 00, 65, 00, 6E ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!GetEnvironmentStrings + 33 7C81CCAE 1 Byte [ 74 ]
.text ...
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 46 7C81CDE4 83 Bytes [ 68, 40, 0B, 00, 00, 50, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 9A 7C81CE38 167 Bytes [ 68, 60, 09, 00, 00, 50, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 142 7C81CEE0 159 Bytes [ 68, A0, 0A, 00, 00, 50, FF, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 1E2 7C81CF80 691 Bytes [ 00, 50, FF, 75, 08, E8, 96, ... ]
.text C:\Program Files\Spyware Doctor\sdhelp.exe[888] kernel32.dll!SetFileApisToOEM + 496 7C81D234 244 Bytes [ 68, 3C, BD, 81, 7C, 68, 70, ... ]
.text ...