GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-10 14:35:09 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD12 rev.01.0 Running: g3tlxpoi.exe; Driver: C:\DOCUME~1\PawelS\USTAWI~1\Temp\kgldapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA1A20DF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA1AADA5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA1A2185E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA1A4DD5D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA1A262E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA1A26330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA1A26422] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9DAAA1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA1A26252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA1A26374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA1A2629A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA1A263DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA1A20E44] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9DAAC10] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9DAACB6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA1A239A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA1A4E28E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA1A4E0F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA1AADB34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA1A20AD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA1A20E90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA1A23D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA1A21B02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA1A2630E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA1A26352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA1A26446] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9DAA90C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA1A26278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA1A23518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA1A263AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA1A262C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA1A2374C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA1A26400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA1AADCA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA1A4DF74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA1A219CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA1A4DDC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA1AB7B68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA1A4CD84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA1A20EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA1A20F28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA1A20B46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA1A20CEA] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9DAAE52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA1A20C92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA1A20D5A] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9DACB30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA1A20F74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA1AADBE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA1AC3D92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A1A2219F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A1AC0C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A1AC274C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A1AC3D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF8098E2 5 Bytes JMP A1A25180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C83E 5 Bytes JMP A1A2507C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138D6 5 Bytes JMP A1A25036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C540 5 Bytes JMP A1A24724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8240B0 5 Bytes JMP A1A23F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A1A 5 Bytes JMP A1A252EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831465 5 Bytes JMP A1A254F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B687 BF839E9C 5 Bytes JMP A1A24F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85173B 5 Bytes JMP A1A23E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC5A 5 Bytes JMP A1A247E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2C4 5 Bytes JMP A1A24384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E34F 5 Bytes JMP A1A24562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F5C2 5 Bytes JMP A1A23E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5457 BF864991 5 Bytes JMP A1A250BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4128 BF873CC4 5 Bytes JMP A1A2451C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890F01 5 Bytes JMP A1A247FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF8944AC 5 Bytes JMP A1A25232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF894F84 5 Bytes JMP A1A25450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3857 BF89C32B 5 Bytes JMP A1A2470C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89D8C0 5 Bytes JMP A1A23FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9DB BF8C1E40 5 Bytes JMP A1A24104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA2A2 5 Bytes JMP A1A241AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA522 5 Bytes JMP A1A242E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBEF7 5 Bytes JMP A1A23D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB46 BF8F4EFF 5 Bytes JMP A1A2473C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A2D BF9136C2 5 Bytes JMP A1A23F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2601 BF914296 5 Bytes JMP A1A240B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F7A BF916C0F 5 Bytes JMP A1A2467C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 194D BF946CFD 5 Bytes JMP A1A253A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[148] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\spoolsv.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[264] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[264] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\spoolsv.exe[264] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\spoolsv.exe[264] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\spoolsv.exe[264] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\spoolsv.exe[264] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\spoolsv.exe[264] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\spoolsv.exe[264] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\Explorer.EXE[628] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[628] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [1D, 71] .text C:\WINDOWS\Explorer.EXE[628] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[628] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [35, 71] .text C:\WINDOWS\Explorer.EXE[628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A3000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D6000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7121000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CA000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 7168000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715C000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7162000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 715F000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714B000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 714E000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70CD000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7076000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70B8000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7055000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710C000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7159000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 707F000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7082000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7079000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 707C000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7106000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D0000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70D9000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 7094000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7133000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 704F000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 709A000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7109000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AC000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B5000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B2000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7046000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7067000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7064000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 7097000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7049000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7052000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7130000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 704C000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70AF000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713C000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7091000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D3000A .text C:\WINDOWS\Explorer.EXE[628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70EE000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DC000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7100000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F1000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F4000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 708E000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70DF000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70E8000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E2000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7103000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EB000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70F7000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 7085000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 7061000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 705E000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C4000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C6, 70] .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7088000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FA000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E5000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 70FD000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 708B000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7165000A .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[628] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7058000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 712D000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70BE000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712A000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BA, 70] .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 706A000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [26, 71] .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7070000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 706D000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 705B000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C1000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 7073000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7124000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 7139000A .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[628] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [0E, 71] .text C:\WINDOWS\Explorer.EXE[628] WININET.dll!InternetOpenUrlA 3FD1F3BC 6 Bytes JMP 70A0000A .text C:\WINDOWS\Explorer.EXE[628] WININET.dll!InternetOpenUrlW 3FD66DFF 6 Bytes JMP 709D000A .text C:\WINDOWS\Explorer.EXE[628] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 713F000A .text C:\WINDOWS\Explorer.EXE[628] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70A9000A .text C:\WINDOWS\Explorer.EXE[628] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A6000A .text C:\WINDOWS\Explorer.EXE[628] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7142000A .text C:\WINDOWS\Explorer.EXE[628] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7148000A .text C:\WINDOWS\Explorer.EXE[628] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\csrss.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[848] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 7102000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 712C000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 7117000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 70BA000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 716E000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70E7000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70DE000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70E1000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70F9000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70FF000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 710B000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 7114000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 7111000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 70AB000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70C9000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70FC000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 70AE000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 710E000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70F6000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\winlogon.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 713B000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 70F3000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 714A000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 70EA000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 70C6000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 70C3000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 7123000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [25, 71] .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 4 Bytes JMP EC001E25 .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!LookupPrivilegeValueW + 5 77DEB8E4 1 Byte [70] .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 70F0000A .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[968] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 70BD000A .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 711D000A .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [19, 71] .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 70C0000A .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 7120000A .text C:\WINDOWS\system32\winlogon.exe[968] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\winlogon.exe[968] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 7108000A .text C:\WINDOWS\system32\winlogon.exe[968] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 7105000A .text C:\WINDOWS\system32\services.exe[1044] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1044] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\services.exe[1044] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1044] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\services.exe[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\services.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[1044] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[1044] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\services.exe[1044] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\services.exe[1044] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\services.exe[1044] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\services.exe[1044] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\services.exe[1044] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\services.exe[1044] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\lsass.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[1060] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[1060] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\lsass.exe[1060] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\lsass.exe[1060] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\lsass.exe[1060] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\lsass.exe[1060] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\lsass.exe[1060] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\lsass.exe[1060] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[1224] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\hkcmd.exe[1224] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[1224] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\hkcmd.exe[1224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\hkcmd.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[1224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\hkcmd.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[1224] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\hkcmd.exe[1224] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\hkcmd.exe[1224] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\hkcmd.exe[1224] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\hkcmd.exe[1224] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\hkcmd.exe[1224] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\hkcmd.exe[1224] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\hkcmd.exe[1224] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[1232] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\igfxpers.exe[1232] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[1232] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\igfxpers.exe[1232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\igfxpers.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\igfxpers.exe[1232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[1232] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxpers.exe[1232] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\igfxpers.exe[1232] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\igfxpers.exe[1232] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\igfxpers.exe[1232] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\igfxpers.exe[1232] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\igfxpers.exe[1232] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\igfxpers.exe[1232] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[1300] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\RTHDCPL.EXE[1300] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[1300] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\RTHDCPL.EXE[1300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\RTHDCPL.EXE[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\RTHDCPL.EXE[1300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\RTHDCPL.EXE[1300] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[1300] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\RTHDCPL.EXE[1300] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\RTHDCPL.EXE[1300] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\RTHDCPL.EXE[1300] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\RTHDCPL.EXE[1300] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\RTHDCPL.EXE[1300] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\RTHDCPL.EXE[1300] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000501F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000503FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01081014 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01080804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01080A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01080C0C .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01080E10 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010801F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010803FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01080600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01090804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01090A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01090600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010901F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010903FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1352] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1352] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\svchost.exe[1352] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\svchost.exe[1352] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\svchost.exe[1352] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\svchost.exe[1352] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\svchost.exe[1352] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\svchost.exe[1352] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\sm56hlpr.exe[1420] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\sm56hlpr.exe[1420] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\sm56hlpr.exe[1420] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\sm56hlpr.exe[1420] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\sm56hlpr.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\WINDOWS\sm56hlpr.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\sm56hlpr.exe[1420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\sm56hlpr.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\sm56hlpr.exe[1420] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\sm56hlpr.exe[1420] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\sm56hlpr.exe[1420] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\sm56hlpr.exe[1420] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\sm56hlpr.exe[1420] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\sm56hlpr.exe[1420] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\sm56hlpr.exe[1420] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\sm56hlpr.exe[1420] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7079000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7058000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7082000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7085000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 707C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 707F000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 7097000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7052000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 709D000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7049000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706A000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7067000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709A000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 704C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7055000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 704F000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7094000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7091000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 7088000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 7064000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7061000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 708B000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 708E000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00450804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 705B000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 706D000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00450A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7073000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7070000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 705E000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00450600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004501F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004503FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 7076000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] WININET.dll!InternetOpenUrlA 3FD1F3BC 6 Bytes JMP 70A3000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] WININET.dll!InternetOpenUrlW 3FD66DFF 6 Bytes JMP 70A0000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 288C4930 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 288C4CD0 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.) .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [1D, 71] .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [35, 71] .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A2000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D5000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7121000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70C9000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 7168000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715C000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7162000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 715F000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714B000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 714E000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70CC000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7075000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70B7000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7054000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710C000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7159000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 707E000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7081000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7078000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 707B000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7106000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70CF000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70D8000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 7093000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7133000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 704E000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 7099000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7109000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AB000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B4000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B1000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7045000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7066000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7063000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 7096000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7048000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7051000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7130000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 704B000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70AE000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713C000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7090000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D2000A .text C:\WINDOWS\System32\svchost.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70EE000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DB000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7100000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F1000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F4000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 708D000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70DE000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70E8000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E2000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7103000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EB000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70F7000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 7084000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 7060000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 705D000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C3000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C5, 70] .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7087000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FA000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E5000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 70FD000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 708A000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7165000A .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1456] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7057000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 712D000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70BD000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712A000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [B9, 70] .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7069000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [26, 71] .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 706F000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 706C000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 705A000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C0000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 7072000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7124000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 7139000A .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\svchost.exe[1456] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [0E, 71] .text C:\WINDOWS\System32\svchost.exe[1456] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 713F000A .text C:\WINDOWS\System32\svchost.exe[1456] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70A8000A .text C:\WINDOWS\System32\svchost.exe[1456] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A5000A .text C:\WINDOWS\System32\svchost.exe[1456] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7142000A .text C:\WINDOWS\System32\svchost.exe[1456] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7148000A .text C:\WINDOWS\System32\svchost.exe[1456] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7145000A .text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenUrlA 3FD1F3BC 6 Bytes JMP 709F000A .text C:\WINDOWS\System32\svchost.exe[1456] WININET.dll!InternetOpenUrlW 3FD66DFF 6 Bytes JMP 709C000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7079000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7058000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7082000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7085000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 707C000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 707F000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 7097000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7052000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 709D000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7049000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706A000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7067000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709A000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 704C000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7055000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 704F000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7094000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00420804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 705B000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 706D000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00420A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7073000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7070000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 705E000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00420600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004201F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004203FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 7076000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7091000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 7088000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 7064000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7061000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 708B000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 708E000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] WININET.dll!InternetOpenUrlA 3FD1F3BC 6 Bytes JMP 70A3000A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] WININET.dll!InternetOpenUrlW 3FD66DFF 6 Bytes JMP 70A0000A .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1508] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 288C4930 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.) .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[1508] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 288C4CD0 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.) .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1528] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\svchost.exe[1528] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\svchost.exe[1528] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\svchost.exe[1528] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\svchost.exe[1528] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\svchost.exe[1528] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\svchost.exe[1528] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1684] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\svchost.exe[1684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1684] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\svchost.exe[1684] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\svchost.exe[1684] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\svchost.exe[1684] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\svchost.exe[1684] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\svchost.exe[1684] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\svchost.exe[1684] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\Program Files\Java\jre6\bin\jqs.exe[1692] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1720] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\ctfmon.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[1720] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[1720] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\ctfmon.exe[1720] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\ctfmon.exe[1720] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\ctfmon.exe[1720] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\ctfmon.exe[1720] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\ctfmon.exe[1720] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\ctfmon.exe[1720] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7079000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7058000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7082000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7085000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 707C000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 707F000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 7097000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7052000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 709D000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7049000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706A000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7067000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709A000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 704C000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7055000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 704F000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7094000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7091000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 7088000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 7064000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7061000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 708B000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 708E000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00480804 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 705B000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 706D000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00480A08 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7073000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7070000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 705E000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00480600 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004801F8 .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004803FC .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 7076000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] WININET.dll!InternetOpenUrlA 3FD1F3BC 6 Bytes JMP 70A3000A .text C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] WININET.dll!InternetOpenUrlW 3FD66DFF 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1752] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\svchost.exe[1752] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\svchost.exe[1752] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\svchost.exe[1752] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\svchost.exe[1752] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\svchost.exe[1752] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\svchost.exe[1752] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [23, 71] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3B, 71] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AC000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DF000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7127000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D3000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716C000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7160000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7166000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7163000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7151000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7154000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D6000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7085000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C1000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7064000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7115000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715D000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708E000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7091000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7088000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708B000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710F000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6E, 71] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D9000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E2000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A3000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7139000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705E000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A9000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7112000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B5000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BE000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BB000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7055000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7076000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7073000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A6000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7058000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7061000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7136000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705B000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B8000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7142000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70A0000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DC000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F7000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70E5000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7109000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70FA000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70FD000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 709D000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E8000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70F1000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70EB000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 710C000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70F4000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 7100000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 7094000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 7070000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 706D000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70CD000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [CF, 70] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7097000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 7103000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70EE000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7106000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 709A000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7169000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 7121000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 711E000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7157000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7067000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7133000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C7000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 7130000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [C3, 70] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7079000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [2C, 71] {SUB AL, 0x71} .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 707F000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 707C000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 706A000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 715A000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 711B000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70CA000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 7082000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 712A000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713F000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [17, 71] .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7145000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70B2000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70AF000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7148000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714E000A .text C:\Documents and Settings\PawelS\Pulpit\g3tlxpoi.exe[1796] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\o2flash.exe[1916] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\o2flash.exe[1916] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\o2flash.exe[1916] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\o2flash.exe[1916] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\o2flash.exe[1916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\o2flash.exe[1916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\o2flash.exe[1916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\o2flash.exe[1916] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\o2flash.exe[1916] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\o2flash.exe[1916] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\o2flash.exe[1916] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\o2flash.exe[1916] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\o2flash.exe[1916] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\o2flash.exe[1916] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\o2flash.exe[1916] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\o2flash.exe[1916] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\svchost.exe[2100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[2100] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2100] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\svchost.exe[2100] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\svchost.exe[2100] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\svchost.exe[2100] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\svchost.exe[2100] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\svchost.exe[2100] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\svchost.exe[2100] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\ThreatFire\TFService.exe[2232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\ThreatFire\TFService.exe[2232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ThreatFire\TFService.exe[2232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\ThreatFire\TFService.exe[2232] kernel32.dll!CreateRemoteThread + 174 7C810640 4 Bytes JMP 716F0000 .text C:\Program Files\ThreatFire\TFService.exe[2232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\ThreatFire\TFService.exe[2232] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\ThreatFire\TFService.exe[2232] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\ThreatFire\TFService.exe[2232] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\ThreatFire\TFService.exe[2232] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\ThreatFire\TFService.exe[2232] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\ThreatFire\TFService.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00411014 .text C:\Program Files\ThreatFire\TFService.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00410804 .text C:\Program Files\ThreatFire\TFService.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00410A08 .text C:\Program Files\ThreatFire\TFService.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00410C0C .text C:\Program Files\ThreatFire\TFService.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00410E10 .text C:\Program Files\ThreatFire\TFService.exe[2232] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004101F8 .text C:\Program Files\ThreatFire\TFService.exe[2232] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004103FC .text C:\Program Files\ThreatFire\TFService.exe[2232] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00410600 .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BE000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7112000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70CA000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [CC, 70] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\UTSCSI.EXE[2552] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7156000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7132000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712F000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [C0, 70] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [2B, 71] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7159000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7118000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7129000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713E000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\UTSCSI.EXE[2552] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [14, 71] {ADC AL, 0x71} .text C:\WINDOWS\system32\UTSCSI.EXE[2552] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7144000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7147000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714D000A .text C:\WINDOWS\system32\UTSCSI.EXE[2552] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7079000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7058000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7082000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7085000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 707C000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 707F000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 7097000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7052000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 709D000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7049000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706A000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7067000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709A000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 704C000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7055000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 704F000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7094000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 705B000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 706D000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7073000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7070000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 705E000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 7076000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7091000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 7088000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 7064000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7061000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 708B000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 708E000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] WININET.dll!InternetOpenUrlA 3FD1F3BC 6 Bytes JMP 70A3000A .text C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] WININET.dll!InternetOpenUrlW 3FD66DFF 6 Bytes JMP 70A0000A .text C:\WINDOWS\System32\alg.exe[2764] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2764] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71] .text C:\WINDOWS\System32\alg.exe[2764] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2764] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71] .text C:\WINDOWS\System32\alg.exe[2764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A7000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DA000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7125000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CE000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716C000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7160000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7166000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7163000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714F000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7152000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D1000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7080000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BC000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705F000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7110000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715D000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7089000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708C000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7083000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7086000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710A000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6E, 71] .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D4000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DD000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709E000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7137000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7059000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A4000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710D000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B0000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B9000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B6000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7050000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7071000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706E000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A1000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7053000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705C000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7134000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7056000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B3000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7140000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709B000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D7000A .text C:\WINDOWS\System32\alg.exe[2764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7062000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7131000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C2000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712E000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BE, 70] .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7074000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [2A, 71] .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 707A000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7077000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7065000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C5000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707D000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7128000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713D000A .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2764] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [12, 71] .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F2000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70E0000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7104000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F5000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F8000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7098000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E3000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EC000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E6000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7107000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EF000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FB000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708F000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706B000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7068000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C8000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [CA, 70] .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7092000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FE000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E9000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7101000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7095000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7169000A .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2764] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\alg.exe[2764] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 288C4930 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.) .text C:\WINDOWS\System32\alg.exe[2764] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 288C4CD0 C:\Program Files\SpeedBit Video Accelerator\Accelerator.dll (Accelerator/SpeedBit Ltd.) .text C:\WINDOWS\System32\alg.exe[2764] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7143000A .text C:\WINDOWS\System32\alg.exe[2764] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AD000A .text C:\WINDOWS\System32\alg.exe[2764] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70AA000A .text C:\WINDOWS\System32\alg.exe[2764] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7146000A .text C:\WINDOWS\System32\alg.exe[2764] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714C000A .text C:\WINDOWS\System32\alg.exe[2764] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7149000A .text C:\WINDOWS\System32\alg.exe[2764] WININET.dll!InternetOpenUrlA 3FD1F3BC 6 Bytes JMP 704D000A .text C:\WINDOWS\System32\alg.exe[2764] WININET.dll!InternetOpenUrlW 3FD66DFF 6 Bytes JMP 704A000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[2808] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71] .text C:\WINDOWS\system32\wscntfy.exe[2808] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[2808] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71] .text C:\WINDOWS\system32\wscntfy.exe[2808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wscntfy.exe[2808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A7000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DA000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7125000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CE000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716C000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7160000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7166000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7163000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714F000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7152000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D1000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7080000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BC000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705F000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7110000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715D000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7089000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708C000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7083000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7086000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710A000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6E, 71] .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D4000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DD000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709E000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7137000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7059000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A4000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710D000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B0000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B9000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B6000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7050000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7071000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706E000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A1000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7053000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705C000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7134000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7056000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B3000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7140000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709B000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D7000A .text C:\WINDOWS\system32\wscntfy.exe[2808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7062000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7131000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C2000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712E000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BE, 70] .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7074000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [2A, 71] .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 707A000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7077000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7065000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C5000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707D000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7128000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713D000A .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[2808] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [12, 71] .text C:\WINDOWS\system32\wscntfy.exe[2808] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7143000A .text C:\WINDOWS\system32\wscntfy.exe[2808] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AD000A .text C:\WINDOWS\system32\wscntfy.exe[2808] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70AA000A .text C:\WINDOWS\system32\wscntfy.exe[2808] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7146000A .text C:\WINDOWS\system32\wscntfy.exe[2808] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714C000A .text C:\WINDOWS\system32\wscntfy.exe[2808] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7149000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F2000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70E0000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7104000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F5000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F8000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7098000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E3000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EC000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E6000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7107000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EF000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FB000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708F000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706B000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7068000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C8000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [CA, 70] .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7092000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FE000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E9000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7101000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7095000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7169000A .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wscntfy.exe[2808] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [20, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70A6000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70D9000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7124000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70CD000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714E000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7151000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D0000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707F000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BB000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705E000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 710F000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7088000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708B000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7082000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7085000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7109000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D3000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70DC000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709D000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7136000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7058000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A3000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 710C000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70AF000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70B8000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B5000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704F000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7070000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706D000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A0000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7052000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705B000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7133000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7055000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B2000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 713F000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709A000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70D6000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!SetWindowTextW 7E37960E 6 Bytes JMP 7061000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 7130000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!GetWindowTextW 7E37A5CD 6 Bytes JMP 70C1000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 712D000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [BD, 70] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7073000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [29, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!DrawTextW 7E37D7E2 6 Bytes JMP 7079000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7076000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!SetWindowTextA 7E37F56B 6 Bytes JMP 7064000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 70C4000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!DrawTextA 7E38C702 6 Bytes JMP 707C000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 7127000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 713C000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [11, 71] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 6 Bytes JMP 70F1000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegQueryValueExW 77DC6FFF 6 Bytes JMP 70DF000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegCreateKeyExW 77DC776C 6 Bytes JMP 7103000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 70F4000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegOpenKeyW 77DC7946 6 Bytes JMP 70F7000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!OpenProcessToken 77DC798B 6 Bytes JMP 7097000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegQueryValueExA 77DC7ABB 6 Bytes JMP 70E2000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegSetValueExW 77DCD767 6 Bytes JMP 70EB000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegQueryValueW 77DCD87A 6 Bytes JMP 70E5000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 7106000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 70EE000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 6 Bytes JMP 70FA000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!AdjustTokenPrivileges 77DCF00C 6 Bytes JMP 708E000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegDeleteKeyA 77DD42A0 6 Bytes JMP 706A000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegDeleteKeyW 77DD559B 6 Bytes JMP 7067000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!OpenSCManagerW 77DD6F55 6 Bytes JMP 70C7000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [C9, 70] .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!LookupPrivilegeValueW 77DEB8DF 6 Bytes JMP 7091000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegCreateKeyW 77DEBA55 6 Bytes JMP 70FD000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegQueryValueA 77DEBB8D 6 Bytes JMP 70E8000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 6 Bytes JMP 7100000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!LookupPrivilegeValueA 77DEC238 6 Bytes JMP 7094000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 7168000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00911014 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00910804 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00910A08 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00910C0C .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00910E10 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009101F8 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009103FC .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00910600 .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7142000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70AC000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70A9000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7145000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 714B000A .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7148000A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[148] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\spoolsv.exe[264] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\spoolsv.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\spoolsv.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\spoolsv.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\spoolsv.exe[264] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71510000 IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71550000 IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71510000 IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71510000 IAT C:\WINDOWS\Explorer.EXE[628] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711A0000 IAT C:\WINDOWS\system32\services.exe[1044] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002 IAT C:\WINDOWS\system32\services.exe[1044] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000 IAT C:\WINDOWS\system32\services.exe[1044] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\system32\services.exe[1044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\services.exe[1044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\services.exe[1044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\services.exe[1044] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\lsass.exe[1060] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\hkcmd.exe[1224] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\hkcmd.exe[1224] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\hkcmd.exe[1224] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\hkcmd.exe[1224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\hkcmd.exe[1224] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\system32\igfxpers.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\igfxpers.exe[1232] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\igfxpers.exe[1232] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\igfxpers.exe[1232] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\system32\igfxpers.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\RTHDCPL.EXE[1300] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\RTHDCPL.EXE[1300] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\RTHDCPL.EXE[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\RTHDCPL.EXE[1300] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\RTHDCPL.EXE[1300] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1304] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1352] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\svchost.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1352] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\sm56hlpr.exe[1420] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\sm56hlpr.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\sm56hlpr.exe[1420] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\sm56hlpr.exe[1420] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\sm56hlpr.exe[1420] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[1444] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\System32\svchost.exe[1456] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71510000 IAT C:\WINDOWS\System32\svchost.exe[1456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71510000 IAT C:\WINDOWS\System32\svchost.exe[1456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71550000 IAT C:\WINDOWS\System32\svchost.exe[1456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71510000 IAT C:\WINDOWS\System32\svchost.exe[1456] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711A0000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1468] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[1508] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\svchost.exe[1528] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1528] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\svchost.exe[1528] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1528] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\system32\svchost.exe[1684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\svchost.exe[1684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1684] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1692] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1692] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1692] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1692] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\ctfmon.exe[1720] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\ctfmon.exe[1720] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\ctfmon.exe[1720] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\ctfmon.exe[1720] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\ctfmon.exe[1720] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Juniper Networks\Common Files\dsNcService.exe[1732] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1752] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1752] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1752] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\svchost.exe[1752] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[1752] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\system32\o2flash.exe[1916] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\system32\o2flash.exe[1916] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\o2flash.exe[1916] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\o2flash.exe[1916] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\o2flash.exe[1916] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[2100] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\svchost.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\svchost.exe[2100] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\system32\UTSCSI.EXE[2552] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711F0000 IAT C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe[2616] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\WINDOWS\System32\alg.exe[2764] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71550000 IAT C:\WINDOWS\System32\alg.exe[2764] @ C:\WINDOWS\System32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711E0000 IAT C:\WINDOWS\System32\alg.exe[2764] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71550000 IAT C:\WINDOWS\System32\alg.exe[2764] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71590000 IAT C:\WINDOWS\System32\alg.exe[2764] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71550000 IAT C:\WINDOWS\system32\wscntfy.exe[2808] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71550000 IAT C:\WINDOWS\system32\wscntfy.exe[2808] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71590000 IAT C:\WINDOWS\system32\wscntfy.exe[2808] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71550000 IAT C:\WINDOWS\system32\wscntfy.exe[2808] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711E0000 IAT C:\WINDOWS\system32\wscntfy.exe[2808] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71550000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\WINDOWS\system32\wbem\wmiapsrv.exe[2944] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 71580000 IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 71540000 IAT C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3124] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!CreateServiceA] 711D0000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----