here's the Rootkit Unhooker log, it reported that there were possible infections. Took me 3 complete runs before being able to save the logfile so haven't started the GMER scan again yet.
/** Rootkit Unhooker log
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB59B4000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10235904 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.45 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6434816 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 197.45 )
0xAE3DB000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4227072 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT kjerne og system)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Win32-driver for flere brukere)
0xB7DCB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA87EE000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xAE1D0000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB578E000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAE303000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB58EE000 C:\WINDOWS\system32\DRIVERS\RT61.sys 356352 bytes (Ralink Technology Inc., Ralink 802.11 Wireless Adapter Driver)
0xA81EB000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB587B000 C:\WINDOWS\System32\DRIVERS\NVNRM.SYS 307200 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA7977000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB7E6F000 PCTCore.sys 233472 bytes (PC Tools, PC Tools KDS Core Driver)
0xB5844000 C:\WINDOWS\System32\DRIVERS\NVSNPU.SYS 225280 bytes (NVIDIA Corporation, NVIDIA Networking Soft-NPU Driver.)
0xB57EC000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-driver for NT)
0xA836B000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7D9E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAE240000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB58C6000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAE2DB000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB7F03000 dmio.sys 155648 bytes (Microsoft Corporation, VERITAS Software, NT Disk Manager I/U-driver)
0xAE2B5000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xAE3B7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB5968000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB5945000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA7DE6000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xAE26B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7F59000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F29000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-diskdriver)
0xB7D84000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA87D5000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 102400 bytes
0xB7ED2000 nvata.sys 102400 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) IDE Performance Driver)
0xB7EEB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB7EBA000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7E58000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB582D000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA84D0000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB598C000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Driver for parallell port)
0xB59A0000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAE35C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7EA8000 sr.sys 73728 bytes (Microsoft Corporation, Filsystemfilterdriver for Systemgjenoppretting)
0xA8332000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xB7F48000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-enumerator)
0xB581C000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA9522000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB7683000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB80A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB76A3000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Driver for serielle enheter)
0xB1482000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB7673000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio filterdriver)
0xB8268000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB0958000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80B8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB8118000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB7663000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volumdriver for skyggekopi)
0xA9532000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB8288000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB0908000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-kryptografidriver)
0xB7693000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80F8000 jraid.sys 45056 bytes (JMicron Technology Corp., JMicron JMB36X RAID Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB8278000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB82B8000 C:\WINDOWS\system32\DRIVERS\tap0801.sys 45056 bytes (The OpenVPN Project, TAP-Win32 Virtual Network Driver)
0xB76B3000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Prosessorenhetsdriver)
0xB80C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA-bussdriver)
0xB82D8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB82A8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB8108000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA9542000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8298000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB0938000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB0275000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB82C8000 C:\WINDOWS\System32\DRIVERS\NVENETFD.sys 36864 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xB0928000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA959A000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xB055B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB054B000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB8340000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB84A8000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB0E42000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xA95A2000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xB8328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xA91D2000 C:\Programfiler\Spyware Doctor\PCTSDInj32.sys 28672 bytes
0xB8380000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Driver for tastaturklasse)
0xB8388000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver for musklasse)
0xB83A0000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xB056B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB0E5A000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB0563000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8370000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB8378000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB8368000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB84B0000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xA91CA000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAA1A1000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID-musfilterdriver)
0xB8578000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA4CE000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB8558000 C:\WINDOWS\System32\DRIVERS\nvnetbus.sys 16384 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xB7741000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA9B8B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB7739000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xAA1A9000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAA19D000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID-musfilterdriver)
0xB855C000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB05DA000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB05C2000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xB860E000 C:\WINDOWS\System32\DRIVERS\ASACPI.sys 8192 bytes (-, ATK0110 ACPI Utility)
0xB8604000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB85DC000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB8602000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85AE000 JGOGO.sys 8192 bytes (JMicron , SCSI Port upper filter driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8606000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB861A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM parallelldriver)
0xB8608000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB8610000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8600000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8724000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA8C93000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAFFA5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generisk PCI IDE-bussdriver)
==============================================
>Stealth
==============================================
0x88A75914 Unknown page with executable code, 1772 bytes
0x88A7A78F Unknown page with executable code, 2161 bytes
0x88A73702 Unknown page with executable code, 2302 bytes
0x88A5B66A Unknown page with executable code, 2454 bytes
0x88A7C48A Unknown page with executable code, 2934 bytes
0x88A09453 Unknown page with executable code, 2989 bytes
0x88A74373 Unknown page with executable code, 3213 bytes
0x88A8C136 Unknown page with executable code, 3786 bytes
0x88A440AD Unknown page with executable code, 3923 bytes
0x88A8CE4C Unknown page with executable code, 436 bytes
0x88A73E14 Unknown page with executable code, 492 bytes
0x88C0651C Unknown thread object [ ETHREAD 0x89B11DA8 ] , 600 bytes
0x88A2C641 Unknown thread object [ ETHREAD 0x89292DA8 ] , 600 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\applets.zip
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\COPYRIGHT
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\demos.zip
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\javadb.msi
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\jre.msi
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\jre1041.MST
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\jre2052.MST
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\RegUtils
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\src.zip
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\tools.zip
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\JDK-6U11-95f\zipper.exe
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\TEMPLATEWIZARD2$FORMLISTENER.CLASS0\sym.sdupk
!-->[Hidden] C:\Programfiler\Spyware Doctor\avdb\temp\TOOLS.ZI-33bc\jvmti.h
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D570, Type: Inline - RelativeJump 0x80504570-->D7E2902E [unknown_code_page]
ntkrnlpa.exe+0x0002D76C, Type: Inline - RelativeJump 0x8050476C-->E2A8E42A [unknown_code_page]
ntkrnlpa.exe+0x0006ECAE, Type: Inline - RelativeJump 0x80545CAE-->80545CB5 [ntkrnlpa.exe]
[1000]lsass.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1000]lsass.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1124]PrintCtrl.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1152]nvsvc32.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1188]pctsTray.exe-->kernel32.dll+0x000106F1, Type: Inline - PushRet 0x7C8106F1-->00000000 [unknown_code_page]
[1188]pctsTray.exe-->wsock32.dll-->recv, Type: IAT modification 0x004C22F0-->00000000 [wsock32.dll]
[1188]pctsTray.exe-->wsock32.dll-->recvfrom, Type: IAT modification 0x004C22EC-->00000000 [wsock32.dll]
[1188]pctsTray.exe-->wsock32.dll-->setsockopt, Type: IAT modification 0x004C22DC-->00000000 [wsock32.dll]
[1192]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1192]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1244]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1284]NMBgMonitor.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[1292]ctfmon.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1340]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1492]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1500]pctsAuxs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1536]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1588]pctsSvc.exe-->wsock32.dll-->recv, Type: IAT modification 0x004E7590-->00000000 [wsock32.dll]
[1588]pctsSvc.exe-->wsock32.dll-->recvfrom, Type: IAT modification 0x004E758C-->00000000 [wsock32.dll]
[1588]pctsSvc.exe-->wsock32.dll-->setsockopt, Type: IAT modification 0x004E757C-->00000000 [wsock32.dll]
[1636]svchost.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1636]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1812]spoolsv.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[1988]jqs.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1988]jqs.exe-->ws2_32.dll-->WSACloseEvent, Type: IAT modification 0x004172A8-->00000000 [ws2_32.dll]
[1988]jqs.exe-->ws2_32.dll-->WSACreateEvent, Type: IAT modification 0x004172E8-->00000000 [ws2_32.dll]
[1988]jqs.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x004172C0-->00000000 [ws2_32.dll]
[1988]jqs.exe-->ws2_32.dll-->WSAResetEvent, Type: IAT modification 0x004172E4-->00000000 [ws2_32.dll]
[1988]jqs.exe-->ws2_32.dll-->WSASetEvent, Type: IAT modification 0x004172DC-->00000000 [ws2_32.dll]
[1988]jqs.exe-->ws2_32.dll-->WSAWaitForMultipleEvents, Type: IAT modification 0x004172E0-->00000000 [ws2_32.dll]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2036]BDTUpdateService.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2180]sqlbrowser.exe-->ws2_32.dll-->WSAEnumProtocolsW, Type: IAT modification 0x010012A0-->00000000 [ws2_32.dll]
[2180]sqlbrowser.exe-->ws2_32.dll-->WSARecvFrom, Type: IAT modification 0x0100129C-->00000000 [ws2_32.dll]
[2180]sqlbrowser.exe-->ws2_32.dll-->WSASendTo, Type: IAT modification 0x010012B4-->00000000 [ws2_32.dll]
[2180]sqlbrowser.exe-->ws2_32.dll-->WSASocketW, Type: IAT modification 0x01001298-->00000000 [ws2_32.dll]
[2212]sqlwriter.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2212]sqlwriter.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[2520]wscntfy.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[284]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->00000000 [shimeng.dll]
[284]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[284]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[284]explorer.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[284]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[284]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[284]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[284]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40B414B0-->00000000 [shimeng.dll]
[284]explorer.exe-->wsock32.dll+0x00001064, Type: Inline - RelativeJump 0x01771064-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000111F, Type: Inline - RelativeCall 0x0177111F-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000113F, Type: Inline - PushRet 0x0177113F-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001188, Type: Inline - RelativeCall 0x01771188-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001199, Type: Inline - PushRet 0x01771199-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000119A, Type: Inline - RelativeJump 0x0177119A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000011A4, Type: Inline - RelativeCall 0x017711A4-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000011BB, Type: Inline - RelativeJump 0x017711BB-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000011D3, Type: Inline - PushRet 0x017711D3-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000011DC, Type: Inline - RelativeCall 0x017711DC-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001200, Type: Inline - RelativeJump 0x01771200-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001216, Type: Inline - RelativeJump 0x01771216-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000124D, Type: Inline - RelativeJump 0x0177124D-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000125B, Type: Inline - RelativeJump 0x0177125B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001264, Type: Inline - RelativeCall 0x01771264-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000126B, Type: Inline - RelativeJump 0x0177126B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001272, Type: Inline - RelativeJump 0x01771272-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001284, Type: Inline - RelativeCall 0x01771284-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001290, Type: Inline - RelativeCall 0x01771290-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000012FE, Type: Inline - RelativeJump 0x017712FE-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001313, Type: Inline - RelativeJump 0x01771313-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001330, Type: Inline - RelativeCall 0x01771330-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000133C, Type: Inline - RelativeCall 0x0177133C-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001356, Type: Inline - PushRet 0x01771356-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001359, Type: Inline - RelativeJump 0x01771359-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001366, Type: Inline - RelativeJump 0x01771366-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000139C, Type: Inline - RelativeJump 0x0177139C-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000013AC, Type: Inline - RelativeJump 0x017713AC-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000013C1, Type: Inline - RelativeJump 0x017713C1-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000013EA, Type: Inline - RelativeJump 0x017713EA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000142C, Type: Inline - RelativeJump 0x0177142C-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000145B, Type: Inline - RelativeJump 0x0177145B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000146A, Type: Inline - RelativeCall 0x0177146A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000014A1, Type: Inline - RelativeJump 0x017714A1-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000014AC, Type: Inline - PushRet 0x017714AC-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000014CF, Type: Inline - RelativeCall 0x017714CF-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000014D4, Type: Inline - RelativeCall 0x017714D4-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000014DD, Type: Inline - PushRet 0x017714DD-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000014F6, Type: Inline - RelativeCall 0x017714F6-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001503, Type: Inline - PushRet 0x01771503-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000150A, Type: Inline - RelativeCall 0x0177150A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001511, Type: Inline - PushRet 0x01771511-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001512, Type: Inline - RelativeJump 0x01771512-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001545, Type: Inline - RelativeJump 0x01771545-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001582, Type: Inline - RelativeJump 0x01771582-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000159C, Type: Inline - RelativeCall 0x0177159C-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000015A6, Type: Inline - RelativeJump 0x017715A6-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000015AA, Type: Inline - RelativeCall 0x017715AA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000015DE, Type: Inline - RelativeCall 0x017715DE-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000015EA, Type: Inline - PushRet 0x017715EA-->00000000 [kernel32.dll]
[284]explorer.exe-->wsock32.dll+0x000015FA, Type: Inline - RelativeJump 0x017715FA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001607, Type: Inline - RelativeJump 0x01771607-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000161A, Type: Inline - RelativeCall 0x0177161A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001632, Type: Inline - RelativeCall 0x01771632-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001637, Type: Inline - PushRet 0x01771637-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000163A, Type: Inline - RelativeCall 0x0177163A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000166B, Type: Inline - RelativeCall 0x0177166B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001672, Type: Inline - RelativeJump 0x01771672-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000168C, Type: Inline - RelativeCall 0x0177168C-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001698, Type: Inline - PushRet 0x01771698-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000169E, Type: Inline - RelativeJump 0x0177169E-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000016B0, Type: Inline - RelativeJump 0x017716B0-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000016EA, Type: Inline - RelativeCall 0x017716EA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000016FA, Type: Inline - PushRet 0x017716FA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001703, Type: Inline - RelativeJump 0x01771703-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001718, Type: Inline - PushRet 0x01771718-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001719, Type: Inline - RelativeJump 0x01771719-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001727, Type: Inline - RelativeJump 0x01771727-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000177D, Type: Inline - RelativeJump 0x0177177D-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000017B7, Type: Inline - SEH 0x017717B7 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000017B8, Type: Inline - RelativeCall 0x017717B8-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001806, Type: Inline - RelativeCall 0x01771806-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000180E, Type: Inline - RelativeJump 0x0177180E-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001827, Type: Inline - PushRet 0x01771827-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000183D, Type: Inline - RelativeJump 0x0177183D-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000187F, Type: Inline - PushRet 0x0177187F-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001884, Type: Inline - RelativeCall 0x01771884-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001891, Type: Inline - RelativeCall 0x01771891-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000018B8, Type: Inline - RelativeJump 0x017718B8-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000018CD, Type: Inline - RelativeJump 0x017718CD-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001904, Type: Inline - SEH 0x01771904 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001905, Type: Inline - RelativeCall 0x01771905-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001916, Type: Inline - PushRet 0x01771916-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000191E, Type: Inline - RelativeCall 0x0177191E-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000192F, Type: Inline - PushRet 0x0177192F-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001937, Type: Inline - RelativeCall 0x01771937-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001943, Type: Inline - PushRet 0x01771943-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000194F, Type: Inline - RelativeCall 0x0177194F-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001966, Type: Inline - RelativeCall 0x01771966-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001970, Type: Inline - RelativeJump 0x01771970-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001983, Type: Inline - RelativeJump 0x01771983-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000199E, Type: Inline - PushRet 0x0177199E-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000019A3, Type: Inline - RelativeJump 0x017719A3-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000019B4, Type: Inline - RelativeCall 0x017719B4-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000019B9, Type: Inline - SEH 0x017719B9 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000019BA, Type: Inline - RelativeCall 0x017719BA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000019C4, Type: Inline - RelativeCall 0x017719C4-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000019D4, Type: Inline - RelativeJump 0x017719D4-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000019EC, Type: Inline - PushRet 0x017719EC-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000019EF, Type: Inline - RelativeCall 0x017719EF-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001A28, Type: Inline - RelativeJump 0x01771A28-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001A69, Type: Inline - RelativeJump 0x01771A69-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001A76, Type: Inline - RelativeCall 0x01771A76-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001A7E, Type: Inline - RelativeJump 0x01771A7E-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001AD3, Type: Inline - PushRet 0x01771AD3-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001B4C, Type: Inline - RelativeCall 0x01771B4C-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001BB0, Type: Inline - RelativeJump 0x01771BB0-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001BC1, Type: Inline - RelativeCall 0x01771BC1-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001BD1, Type: Inline - PushRet 0x01771BD1-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001BFE, Type: Inline - RelativeJump 0x01771BFE-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001C26, Type: Inline - RelativeJump 0x01771C26-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001C33, Type: Inline - RelativeJump 0x01771C33-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001C4A, Type: Inline - PushRet 0x01771C4A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001C79, Type: Inline - PushRet 0x01771C79-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001C8A, Type: Inline - RelativeJump 0x01771C8A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001C91, Type: Inline - RelativeCall 0x01771C91-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001C98, Type: Inline - RelativeJump 0x01771C98-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001CA5, Type: Inline - RelativeCall 0x01771CA5-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001CF9, Type: Inline - RelativeCall 0x01771CF9-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001D00, Type: Inline - RelativeJump 0x01771D00-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001D36, Type: Inline - RelativeCall 0x01771D36-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001DA7, Type: Inline - RelativeCall 0x01771DA7-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001DB2, Type: Inline - RelativeCall 0x01771DB2-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001DBF, Type: Inline - RelativeCall 0x01771DBF-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001E0A, Type: Inline - RelativeJump 0x01771E0A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001E51, Type: Inline - RelativeJump 0x01771E51-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001E6A, Type: Inline - RelativeJump 0x01771E6A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001E7B, Type: Inline - RelativeCall 0x01771E7B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001E86, Type: Inline - RelativeJump 0x01771E86-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001E8F, Type: Inline - RelativeCall 0x01771E8F-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001EA5, Type: Inline - PushRet 0x01771EA5-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001EAA, Type: Inline - RelativeCall 0x01771EAA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001EB4, Type: Inline - RelativeCall 0x01771EB4-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001EEB, Type: Inline - SEH 0x01771EEB [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001EEC, Type: Inline - RelativeJump 0x01771EEC-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001F43, Type: Inline - PushRet 0x01771F43-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001F4B, Type: Inline - RelativeCall 0x01771F4B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001F6B, Type: Inline - RelativeJump 0x01771F6B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001F95, Type: Inline - RelativeJump 0x01771F95-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001F99, Type: Inline - RelativeCall 0x01771F99-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001FAA, Type: Inline - PushRet 0x01771FAA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001FAD, Type: Inline - RelativeCall 0x01771FAD-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001FBE, Type: Inline - RelativeJump 0x01771FBE-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001FD5, Type: Inline - PushRet 0x01771FD5-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00001FD9, Type: Inline - RelativeCall 0x01771FD9-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000204B, Type: Inline - RelativeCall 0x0177204B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002064, Type: Inline - PushRet 0x01772064-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002070, Type: Inline - DirectCall 0x01772070-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000207B, Type: Inline - RelativeJump 0x0177207B-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002088, Type: Inline - RelativeJump 0x01772088-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002094, Type: Inline - RelativeCall 0x01772094-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000020CA, Type: Inline - RelativeJump 0x017720CA-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000020DD, Type: Inline - RelativeCall 0x017720DD-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000020E2, Type: Inline - RelativeJump 0x017720E2-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000020F9, Type: Inline - RelativeCall 0x017720F9-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000020FE, Type: Inline - RelativeJump 0x017720FE-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002110, Type: Inline - RelativeJump 0x01772110-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002124, Type: Inline - RelativeJump 0x01772124-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002137, Type: Inline - RelativeJump 0x01772137-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002148, Type: Inline - RelativeJump 0x01772148-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000215A, Type: Inline - RelativeCall 0x0177215A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002160, Type: Inline - PushRet 0x01772160-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000021C0, Type: Inline - SEH 0x017721C0 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000021D3, Type: Inline - RelativeJump 0x017721D3-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000241E, Type: Inline - RelativeJump 0x0177241E-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002428, Type: Inline - RelativeCall 0x01772428-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x0000284A, Type: Inline - RelativeJump 0x0177284A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002E59, Type: Inline - RelativeJump 0x01772E59-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002F1A, Type: Inline - RelativeJump 0x01772F1A-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002F29, Type: Inline - RelativeCall 0x01772F29-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002F3E, Type: Inline - RelativeJump 0x01772F3E-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002F93, Type: Inline - RelativeCall 0x01772F93-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00002F99, Type: Inline - RelativeJump 0x01772F99-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00003026, Type: Inline - RelativeJump 0x01773026-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00003071, Type: Inline - RelativeCall 0x01773071-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00003088, Type: Inline - RelativeCall 0x01773088-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x00003095, Type: Inline - RelativeCall 0x01773095-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000030D4, Type: Inline - RelativeJump 0x017730D4-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll+0x000030E0, Type: Inline - RelativeCall 0x017730E0-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->kernel32.dll-->DisableThreadLibraryCalls, Type: IAT modification 0x71AC1000-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x71AC1008-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x71AC100C-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x71AC1004-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->kernel32.dll-->GetTickCount, Type: IAT modification 0x71AC1010-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x71AC1018-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->ws2_32.dll-->WSARecv, Type: IAT modification 0x71AC102C-->00000000 [unknown_code_page]
[284]explorer.exe-->wsock32.dll-->ws2_32.dll-->WSARecvFrom, Type: IAT modification 0x71AC1028-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[3664]alg.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3664]alg.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[3664]alg.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[3664]alg.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[3664]alg.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[3664]alg.exe-->ws2_32.dll-->WSAConnect, Type: IAT modification 0x010010F0-->00000000 [ws2_32.dll]
[3664]alg.exe-->ws2_32.dll-->WSAEnumNetworkEvents, Type: IAT modification 0x010010EC-->00000000 [ws2_32.dll]
[3664]alg.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x010010F4-->00000000 [ws2_32.dll]
[3664]alg.exe-->ws2_32.dll-->WSASocketW, Type: IAT modification 0x010010F8-->00000000 [ws2_32.dll]
[392]mdm.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[392]mdm.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[564]sqlservr.exe-->kernel32.dll+0x00001BB9, Type: Inline - SEH 0x7C801BB9 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[564]sqlservr.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[688]RTHDCPL.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[788]mDNSResponder.exe-->ws2_32.dll-->WSAEventSelect, Type: IAT modification 0x0042D268-->00000000 [ws2_32.dll]
[788]mDNSResponder.exe-->ws2_32.dll-->WSAIoctl, Type: IAT modification 0x0042D25C-->00000000 [ws2_32.dll]
[788]mDNSResponder.exe-->ws2_32.dll-->WSAStringToAddressA, Type: IAT modification 0x0042D26C-->00000000 [ws2_32.dll]
[848]jusched.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[848]jusched.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[848]jusched.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[848]jusched.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[848]jusched.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[848]jusched.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x7E42384E-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x7E4595BD-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7E4242ED-->00000000 [unknown_code_page]
[892]PrintDisp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x7E4299F3-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[916]csrss.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[944]winlogon.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
[944]winlogon.exe-->ws2_32.dll-->getaddrinfo, Type: IAT modification 0x01001A28-->00000000 [ws2_32.dll]
[988]services.exe-->ntdll.dll-->NtClose, Type: Inline - DirectJump 0x7C90CFEE-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtCreateFile, Type: Inline - DirectJump 0x7C90D0AE-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtCreateKey, Type: Inline - DirectJump 0x7C90D0EE-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtCreateSection, Type: Inline - DirectJump 0x7C90D17E-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtDeleteKey, Type: Inline - DirectJump 0x7C90D24E-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtDeleteValueKey, Type: Inline - DirectJump 0x7C90D26E-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtRenameKey, Type: Inline - DirectJump 0x7C90DA5E-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtSetInformationFile, Type: Inline - DirectJump 0x7C90DC5E-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtSetValueKey, Type: Inline - DirectJump 0x7C90DDCE-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtTerminateProcess, Type: Inline - DirectJump 0x7C90DE6E-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtWriteFile, Type: Inline - DirectJump 0x7C90DF7E-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtWriteFileGather, Type: Inline - DirectJump 0x7C90DF8E-->00000000 [unknown_code_page]
[988]services.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - DirectJump 0x7C90DFAE-->00000000 [unknown_code_page]
**/