GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-03 07:12:10 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 TOSHIBA_MK8037GSX rev.DL232C 74,53GB Running: 59tdu092.exe; Driver: C:\Users\Iwona\AppData\Local\Temp\kwtorpog.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAllocateVirtualMemory [0x8D717060] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAlpcConnectPort [0x8D71A494] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x8D719FCA] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAssignProcessToJobObject [0x8D717BCA] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwClose [0x8D71AABA] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwConnectPort [0x8D719346] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateFile [0x8D718894] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateKey [0x8D719A3E] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateProcess [0x8D717E20] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateProcessEx [0x8D717ED6] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateSection [0x8D7181BE] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateThread [0x8D7169D0] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwDeviceIoControlFile [0x8D719BAE] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwDuplicateObject [0x8D71DF48] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwFsControlFile [0x8D719E66] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwLoadDriver [0x8D7174D6] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwMakeTemporaryObject [0x8D71A862] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwOpenFile [0x8D71868C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwOpenProcess [0x8D71D9A0] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwOpenSection [0x8D717F90] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwOpenThread [0x8D71DC50] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwProtectVirtualMemory [0x8D716EE4] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwQueueApcThread [0x8D717CF2] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwReplaceKey [0x8D71A6B0] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwRequestPort [0x8D7194B4] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwRequestWaitReplyPort [0x8D718E48] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwRestoreKey [0x8D71A73A] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSecureConnectPort [0x8D7198CE] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSetContextThread [0x8D716B40] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSetSecurityObject [0x8D71A60A] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSetSystemInformation [0x8D7176D0] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwShutdownSystem [0x8D71A7CC] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSuspendProcess [0x8D716DBC] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSuspendThread [0x8D716C96] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSystemDebugControl [0x8D717AFC] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwTerminateProcess [0x8D71D898] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwTerminateThread [0x8D71E13A] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwUnloadDriver [0x8D71A8F8] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwWriteVirtualMemory [0x8D716854] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateThreadEx [0x8D71ACD6] SYSENTER \SystemRoot\system32\DRIVERS\avc3.sys 87D6B000 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 131 81EE3874 4 Bytes [60, 70, 71, 8D] .text ntkrnlpa.exe!KeSetEvent + 13D 81EE3880 4 Bytes [94, A4, 71, 8D] {XCHG ESP, EAX; MOVSB ; JNO 0xffffff91} .text ntkrnlpa.exe!KeSetEvent + 181 81EE38C4 4 Bytes [CA, 9F, 71, 8D] .text ntkrnlpa.exe!KeSetEvent + 191 81EE38D4 4 Bytes [CA, 7B, 71, 8D] .text ntkrnlpa.exe!KeSetEvent + 1A9 81EE38EC 4 Bytes [BA, AA, 71, 8D] .text ... ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\svchost.exe[12] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[12] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[12] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[12] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[12] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[12] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[12] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[12] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[12] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[12] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[12] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[12] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[12] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[12] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[12] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[12] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[12] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[12] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[12] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[12] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[12] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[12] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[12] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[12] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[12] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[12] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[12] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[12] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\SLsvc.exe[868] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\SLsvc.exe[868] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F09 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\SLsvc.exe[868] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\SLsvc.exe[868] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15F99 .text C:\Windows\system32\SLsvc.exe[868] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\SLsvc.exe[868] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B16029 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\SLsvc.exe[868] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B160B9 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\SLsvc.exe[868] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\SLsvc.exe[868] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\system32\SLsvc.exe[868] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B16149 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[1444] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[1444] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[1444] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[1444] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1444] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[1444] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[1444] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[1588] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[1588] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[1588] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[1588] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1588] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[1588] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[1588] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\svchost.exe[1588] shell32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\system32\svchost.exe[1588] shell32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B16029 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[1696] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[1696] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[1696] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[1696] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[1696] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[1696] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[1696] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\svchost.exe[1696] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\system32\svchost.exe[1696] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B15F99 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\Dwm.exe[1956] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\Dwm.exe[1956] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F09 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\Dwm.exe[1956] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15F99 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\Dwm.exe[1956] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\Dwm.exe[1956] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B16029 .text C:\Windows\system32\Dwm.exe[1956] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\Dwm.exe[1956] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B16149 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\Dwm.exe[1956] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[2476] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[2476] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[2476] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[2476] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2476] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[2476] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[2476] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[2500] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[2500] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[2500] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[2500] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[2500] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[2500] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2500] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[2500] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[2500] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\system32\svchost.exe[2500] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2500] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B15F09 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\System32\svchost.exe[2524] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\System32\svchost.exe[2524] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\System32\svchost.exe[2524] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\System32\svchost.exe[2524] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\System32\svchost.exe[2524] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\System32\svchost.exe[2524] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\System32\svchost.exe[2524] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\System32\svchost.exe[2632] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\System32\svchost.exe[2632] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\System32\svchost.exe[2632] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\System32\svchost.exe[2632] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\System32\svchost.exe[2632] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\System32\svchost.exe[2632] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\System32\svchost.exe[2632] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\System32\svchost.exe[2632] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\System32\svchost.exe[2632] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[2644] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[2644] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[2644] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[2644] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[2644] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[2644] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2644] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[2644] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[2644] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[2724] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[2724] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[2724] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[2724] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2724] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[2724] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[2724] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\system32\svchost.exe[2724] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 1 Byte [E9] .text C:\Windows\system32\svchost.exe[2724] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F99 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[2724] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\System32\svchost.exe[2752] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\System32\svchost.exe[2752] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\System32\svchost.exe[2752] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\System32\svchost.exe[2752] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\System32\svchost.exe[2752] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\System32\svchost.exe[2752] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11F79 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11E59 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12AB9 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12B49 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12A29 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12EA9 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12D89 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12E19 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B14139 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12CF9 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B15459 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B12249 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B153C9 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12C69 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12999 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B141C9 .text C:\Windows\System32\rundll32.exe[3128] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11EE9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B11A69 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11DC9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11D39 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B126C9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B12369 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12FC9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12BD9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B11709 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B154E9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B12489 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B122D9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B123F9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B11949 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B121B9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11AF9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B119D9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B133B9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B134D9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12F39 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12909 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CreateFileA 778DD05F 2 Bytes JMP 74B125A9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CreateFileA + 3 778DD062 2 Bytes [23, FD] {AND EDI, EBP} .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B13449 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12519 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B12639 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B14019 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B140A9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13EF9 .text C:\Windows\System32\rundll32.exe[3128] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13F89 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B127E9 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14F49 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B12879 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B14259 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B142E9 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14EB9 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14E29 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D99 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15F09 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13DD9 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13CB9 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!SetWindowTextW 763D9815 1 Byte [E9] .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15219 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13D49 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13E69 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B15189 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14FD9 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B15069 .text C:\Windows\System32\rundll32.exe[3128] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B150F9 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B13569 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B139E9 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B135F9 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F99 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13C29 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B137A9 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B13839 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B13689 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13719 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B138C9 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B13959 .text C:\Windows\System32\rundll32.exe[3128] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B99 .text C:\Windows\System32\rundll32.exe[3128] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B16029 .text C:\Windows\System32\rundll32.exe[3128] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11C19 .text C:\Windows\System32\rundll32.exe[3128] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11B89 .text C:\Windows\System32\rundll32.exe[3128] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B14379 .text C:\Windows\System32\rundll32.exe[3128] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B160B9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[3220] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[3220] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[3220] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[3220] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[3220] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[3220] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3220] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[3220] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[3220] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\svchost.exe[3832] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\svchost.exe[3832] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\svchost.exe[3832] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\system32\svchost.exe[3832] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\svchost.exe[3832] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\svchost.exe[3832] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\svchost.exe[3832] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\svchost.exe[3832] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B15F09 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\svchost.exe[3832] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\System32\svchost.exe[4104] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\System32\svchost.exe[4104] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15D59 .text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\System32\svchost.exe[4104] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15DE9 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\System32\svchost.exe[4104] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\System32\svchost.exe[4104] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15E79 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\System32\svchost.exe[4104] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\System32\svchost.exe[4104] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\System32\svchost.exe[4104] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 1 Byte [E9] .text C:\Windows\System32\svchost.exe[4104] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B15F09 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B16029 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\System32\svchost.exe[4104] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\taskeng.exe[4184] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\taskeng.exe[4184] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F09 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\taskeng.exe[4184] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15F99 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\taskeng.exe[4184] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\taskeng.exe[4184] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B16029 .text C:\Windows\system32\taskeng.exe[4184] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\taskeng.exe[4184] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\taskeng.exe[4184] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\system32\taskeng.exe[4184] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B160B9 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B16149 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\taskeng.exe[4184] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15F09 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F99 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B16029 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B160B9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[4228] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\taskeng.exe[4448] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\taskeng.exe[4448] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F09 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\taskeng.exe[4448] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15F99 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\taskeng.exe[4448] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\taskeng.exe[4448] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B16029 .text C:\Windows\system32\taskeng.exe[4448] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\taskeng.exe[4448] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\taskeng.exe[4448] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\system32\taskeng.exe[4448] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B160B9 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B16149 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\taskeng.exe[4448] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtReadFile + 5 77774EA9 5 Bytes JMP 74B15A89 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15DE9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F99 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15E79 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B16029 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15F09 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B160B9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B161D9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15CC9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15B19 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15D59 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15C39 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Users\Iwona\Desktop\59tdu092.exe[4952] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B16149 .text C:\Windows\Explorer.exe[5360] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B125A9 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B119D9 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B11A69 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B11949 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B11DC9 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B12AB9 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B11CA9 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B11D39 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B11C19 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B127E9 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B12B49 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B12759 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B12C69 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B11B89 .text C:\Windows\Explorer.exe[5360] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B118B9 .text C:\Windows\Explorer.exe[5360] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B12BD9 .text C:\Windows\Explorer.exe[5360] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B11F79 .text C:\Windows\Explorer.exe[5360] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B11AF9 .text C:\Windows\Explorer.exe[5360] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B11EE9 .text C:\Windows\Explorer.exe[5360] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B11829 .text C:\Windows\Explorer.exe[5360] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B11E59 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B12009 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B12489 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B12099 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B12F39 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B126C9 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B12249 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B122D9 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B12129 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B121B9 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B12369 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B123F9 .text C:\Windows\Explorer.exe[5360] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B12639 .text C:\Windows\Explorer.exe[5360] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B11709 .text C:\Windows\Explorer.exe[5360] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B11799 .text C:\Windows\Explorer.exe[5360] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B12879 .text C:\Windows\Explorer.exe[5360] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B12909 .text C:\Windows\Explorer.exe[5360] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B12E19 .text C:\Windows\Explorer.exe[5360] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B12FC9 .text C:\Windows\Explorer.exe[5360] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B12CF9 .text C:\Windows\Explorer.exe[5360] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B12EA9 .text C:\Windows\Explorer.exe[5360] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B12999 .text C:\Windows\Explorer.exe[5360] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B12D89 .text C:\Windows\Explorer.exe[5360] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B12A29 .text C:\Windows\Explorer.exe[5360] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B13059 .text C:\Windows\Explorer.exe[5360] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B12519 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\system32\SearchIndexer.exe[5448] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\system32\SearchIndexer.exe[5448] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F09 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\system32\SearchIndexer.exe[5448] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B15F99 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\system32\SearchIndexer.exe[5448] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\system32\SearchIndexer.exe[5448] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B16029 .text C:\Windows\system32\SearchIndexer.exe[5448] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\system32\SearchIndexer.exe[5448] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\system32\SearchIndexer.exe[5448] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\system32\SearchIndexer.exe[5448] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B160B9 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B16149 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\system32\SearchIndexer.exe[5448] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F09 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B15F99 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B16029 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B160B9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[5484] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!RtlCreateProcessParametersEx 7773DFE3 5 Bytes JMP 74B11EE9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtClose + 5 77774189 5 Bytes JMP 74B158D9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtCreateFile + 5 77774249 5 Bytes JMP 74B11DC9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtCreateProcess + 5 77774309 5 Bytes JMP 74B12A29 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtCreateProcessEx + 5 77774319 5 Bytes JMP 74B12AB9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtCreateThread + 5 77774369 5 Bytes JMP 74B12999 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtDuplicateObject + 5 77774699 5 Bytes JMP 74B12E19 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtLoadDriver + 5 777748D9 5 Bytes JMP 74B15969 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtMapViewOfSection + 5 77774999 5 Bytes JMP 74B115E9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtOpenProcess + 5 77774AA9 5 Bytes JMP 74B12CF9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtQueueApcThread + 5 77774E79 5 Bytes JMP 74B12D89 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtRaiseHardError + 5 77774E99 5 Bytes JMP 74B140A9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtSetContextThread + 5 77775099 5 Bytes JMP 74B12C69 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtSetInformationProcess + 5 77775199 5 Bytes JMP 74B153C9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtSetSystemInformation + 5 77775259 5 Bytes JMP 74B159F9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtSetValueKey + 5 777752C9 5 Bytes JMP 74B121B9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtTerminateProcess + 5 77775369 5 Bytes JMP 74B15339 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtUnmapViewOfSection + 5 77775449 5 Bytes JMP 74B11679 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtVdmControl + 5 77775459 5 Bytes JMP 74B15D59 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtWriteVirtualMemory + 5 777754E9 5 Bytes JMP 74B12BD9 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!NtCreateThreadEx + 5 77775669 5 Bytes JMP 74B12909 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!RtlReportException 777A4293 5 Bytes JMP 74B14139 .text C:\Windows\System32\spoolsv.exe[6004] ntdll.dll!RtlCreateProcessParameters 777A6AE8 5 Bytes JMP 74B11E59 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!GetSystemTimeAsFileTime 778918C0 5 Bytes JMP 74B119D9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!GetStartupInfoW 77891929 5 Bytes JMP 74B11D39 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!GetStartupInfoA 778919C9 5 Bytes JMP 74B11CA9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!CreateProcessA 77891C28 5 Bytes JMP 74B12639 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!Sleep 77891C5D 5 Bytes JMP 74B122D9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!WriteProcessMemory 77891CB8 5 Bytes JMP 74B12F39 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!CreateProcessInternalW 778B5467 5 Bytes JMP 74B12B49 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!LoadLibraryExW 778B926C 5 Bytes JMP 74B154E9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!LoadLibraryExA 778B9544 5 Bytes JMP 74B15459 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!LoadLibraryA 778B956C 5 Bytes JMP 74B123F9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!FreeLibrary 778D3F64 5 Bytes JMP 74B15579 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!ExitProcess 778D43B4 5 Bytes JMP 74B12249 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!GetProcAddress 778D921B 5 Bytes JMP 74B12369 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!GetModuleHandleA 778D9485 5 Bytes JMP 74B118B9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!SleepEx 778D9B3E 5 Bytes JMP 74B12129 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!QueryPerformanceCounter 778DA860 5 Bytes JMP 74B11A69 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!GetModuleHandleW 778DAA04 5 Bytes JMP 74B11949 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!OpenMutexW 778DAC85 5 Bytes JMP 74B13329 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!CloseHandle 778DB08D 5 Bytes JMP 74B13449 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!CreateThread 778DCB0E 5 Bytes JMP 74B12EA9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!CreateRemoteThread 778DCB35 5 Bytes JMP 74B12879 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!CreateFileA 778DD05F 5 Bytes JMP 74B12519 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!CreateMutexW 778DD755 5 Bytes JMP 74B133B9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!Process32NextW 778E616D 5 Bytes JMP 74B15849 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!CreateToolhelp32Snapshot 778E68A7 5 Bytes JMP 74B12489 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!WinExec 7792614F 5 Bytes JMP 74B125A9 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!ReadConsoleA 77937B6D 5 Bytes JMP 74B13F89 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!ReadConsoleW 77937BC3 5 Bytes JMP 74B14019 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!ReadConsoleInputA 77938E13 5 Bytes JMP 74B13E69 .text C:\Windows\System32\spoolsv.exe[6004] kernel32.dll!ReadConsoleInputW 77938E36 5 Bytes JMP 74B13EF9 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!OpenServiceA 765C2EBD 5 Bytes JMP 74B134D9 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!CloseServiceHandle 765C82A5 5 Bytes JMP 74B13959 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!OpenServiceW 765C8354 5 Bytes JMP 74B13569 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!RegOpenCurrentUser + 9B 765E0CC1 5 Bytes JMP 74B15F09 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!CreateServiceW 765E9EB4 5 Bytes JMP 74B13B99 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!ControlService 765E9FB8 5 Bytes JMP 74B13719 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!DeleteService 765EA07E 5 Bytes JMP 74B137A9 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!ControlServiceExA 7662662E 5 Bytes JMP 74B135F9 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!ControlServiceExW 76626741 5 Bytes JMP 74B13689 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!ChangeServiceConfigA 76626DD9 5 Bytes JMP 74B13839 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!ChangeServiceConfigW 76626F81 5 Bytes JMP 74B138C9 .text C:\Windows\System32\spoolsv.exe[6004] ADVAPI32.dll!CreateServiceA 766272A1 5 Bytes JMP 74B13B09 .text C:\Windows\System32\spoolsv.exe[6004] msvcrt.dll!_lock + 29 764F9FAE 5 Bytes JMP 74B15F99 .text C:\Windows\System32\spoolsv.exe[6004] msvcrt.dll!__p__fmode 7650179B 5 Bytes JMP 74B11B89 .text C:\Windows\System32\spoolsv.exe[6004] msvcrt.dll!__p__environ 7650C7D7 5 Bytes JMP 74B11AF9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 74B12759 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!CreateDialogIndirectParamAorW 763C7266 5 Bytes JMP 74B14EB9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 74B127E9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!CallNextHookEx 763C8E3B 5 Bytes JMP 74B141C9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 74B14259 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!FindWindowA 763C9D76 5 Bytes JMP 74B15609 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!ShowWindow 763CCA10 5 Bytes JMP 74B14E29 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!CreateWindowExA 763CDC2A 5 Bytes JMP 74B14D99 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!FindWindowExA 763CF6C1 5 Bytes JMP 74B15699 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!PostMessageA 763CF8F8 5 Bytes JMP 74B15DE9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!CreateWindowExW 763D1305 1 Byte [E9] .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!CreateWindowExW 763D1305 5 Bytes JMP 74B14D09 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!UserClientDllInitialize 763D7A1D 5 Bytes JMP 74B16029 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!PeekMessageA 763D8343 5 Bytes JMP 74B13D49 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!GetMessageA 763D8AB3 5 Bytes JMP 74B13C29 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!SetWindowTextW 763D9815 5 Bytes JMP 74B15189 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!PostMessageW 763DA175 1 Byte [E9] .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!PostMessageW 763DA175 5 Bytes JMP 74B15E79 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!FindWindowW 763DA441 5 Bytes JMP 74B15729 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!GetMessageW 763DFEF7 5 Bytes JMP 74B13CB9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!PeekMessageW 763E045A 5 Bytes JMP 74B13DD9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!SetWindowTextA 763EA4E6 5 Bytes JMP 74B150F9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!FindWindowExW 763F260C 5 Bytes JMP 74B157B9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!DialogBoxIndirectParamAorW 763F2EB6 5 Bytes JMP 74B14F49 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!MessageBoxExA 7641D639 5 Bytes JMP 74B14FD9 .text C:\Windows\System32\spoolsv.exe[6004] USER32.dll!MessageBoxExW 7641D65D 5 Bytes JMP 74B15069 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!WahWriteLSPEvent 77521434 5 Bytes JMP 74B160B9 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!closesocket 7752330C 5 Bytes JMP 74B152A9 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!recv 7752343A 5 Bytes JMP 74B15C39 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!WSASocketW 775234EB 5 Bytes JMP 74B15219 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!socket 775236D1 5 Bytes JMP 74B15A89 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!GetAddrInfoW 77523D12 5 Bytes JMP 74B14BE9 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!connect 775240D9 5 Bytes JMP 74B13A79 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!WSASend 77524496 5 Bytes JMP 74B12009 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!send 7752659B 5 Bytes JMP 74B11F79 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!WSARecv 77528400 5 Bytes JMP 74B15CC9 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!WSAConnect 7752D7B0 5 Bytes JMP 74B15BA9 .text C:\Windows\System32\spoolsv.exe[6004] WS2_32.dll!gethostbyname 775362D4 5 Bytes JMP 74B14C79 .text C:\Windows\System32\spoolsv.exe[6004] SHELL32.dll!Shell_NotifyIconW 76758642 5 Bytes JMP 74B142E9 .text C:\Windows\System32\spoolsv.exe[6004] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76779105 5 Bytes JMP 74B16149 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [00BF7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [00C3B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [00BFBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [00BEF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [00BF75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [00BEE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [00C273F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [00BFDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [00BEFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [00BEFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [00BE71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [00C7CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [00C1C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [00BED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [00BE6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [00BE687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll IAT C:\Windows\Explorer.exe[5360] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [00BF2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6 Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----