GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-04-29 08:29:30 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P 111,79GB Running: j7h88d0k.exe; Driver: C:\DOCUME~1\b\USTAWI~1\Temp\uxkdyfod.sys ---- System - GMER 2.1 ---- SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAllocateVirtualMemory [0xAF02309C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwAssignProcessToJobObject [0xAF023C66] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwClose [0xAF026B6A] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwConnectPort [0xAF0253F6] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateFile [0xAF02493A] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateKey [0xAF025AEE] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateProcess [0xAF023EBC] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateProcessEx [0xAF023F72] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateSection [0xAF02425C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwCreateThread [0xAF022A0C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwDeviceIoControlFile [0xAF025C5E] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwDuplicateObject [0xAF02A0F8] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwFsControlFile [0xAF025F16] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwLoadDriver [0xAF023572] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwMakeTemporaryObject [0xAF026912] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwOpenFile [0xAF02472C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwOpenProcess [0xAF029B50] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwOpenSection [0xAF02402C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwOpenThread [0xAF029E00] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwProtectVirtualMemory [0xAF022F20] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwQueueApcThread [0xAF023D8E] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwReplaceKey [0xAF026760] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwRequestPort [0xAF025564] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwRequestWaitReplyPort [0xAF024EF8] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwRestoreKey [0xAF0267EA] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSecureConnectPort [0xAF02597E] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSetContextThread [0xAF022B7C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSetSecurityObject [0xAF0266BA] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSetSystemInformation [0xAF02376C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwShutdownSystem [0xAF02687C] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSuspendProcess [0xAF022DF8] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSuspendThread [0xAF022CD2] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwSystemDebugControl [0xAF023B98] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwTerminateProcess [0xAF029A48] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwTerminateThread [0xAF02A2EA] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwUnloadDriver [0xAF0269A8] SSDT \??\C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys ZwWriteVirtualMemory [0xAF022890] SYSENTER avc3.sys B9E8E000 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 805048A0 4 Bytes [EA, 67, 02, AF] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [F8, 2D, 02, AF, D2, 2C, 02, ...] {CLC ; SUB EAX, 0x2cd2af02; ADD CH, [EDI-0x50fdc468]} ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\spoolsv.exe[292] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\spoolsv.exe[292] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\spoolsv.exe[292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006381 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\spoolsv.exe[292] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\spoolsv.exe[292] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\spoolsv.exe[292] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\spoolsv.exe[292] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006419 .text C:\WINDOWS\system32\spoolsv.exe[292] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630064B1 .text C:\WINDOWS\system32\spoolsv.exe[292] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006549 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\spoolsv.exe[292] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\acs.exe[360] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\acs.exe[360] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\acs.exe[360] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\acs.exe[360] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\acs.exe[360] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\acs.exe[360] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006381 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006419 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\acs.exe[360] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630064B1 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\acs.exe[360] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\system32\acs.exe[360] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 63006549 .text C:\WINDOWS\system32\acs.exe[360] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\System32\StkCSrv.exe[460] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\System32\StkCSrv.exe[460] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\System32\StkCSrv.exe[460] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\System32\StkCSrv.exe[460] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\System32\StkCSrv.exe[460] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 630062E9 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006381 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\System32\StkCSrv.exe[460] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006419 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\System32\StkCSrv.exe[460] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005F59 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63006A09 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006AA1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005FF1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtReadFile + 5 7C90D9D3 5 Bytes JMP 63006679 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005A01 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63006089 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005969 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006B39 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005B31 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005A99 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005BC9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 630065E1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63006381 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 630064B1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63006549 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63006419 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005EC1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006D01 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006C69 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006D99 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 63005E29 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63005541 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 630054A9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 63005C61 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 630057A1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 63006BD1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63005411 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005D91 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 630052E1 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 63005379 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63005709 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005CF9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63005671 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 630055D9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Documents and Settings\b\Pulpit\j7h88d0k.exe[516] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006E31 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[712] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[712] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[712] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[712] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[712] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[712] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[712] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[712] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[712] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\svchost.exe[712] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[1008] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[1008] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[1008] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[1008] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\ctfmon.exe[1268] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\ctfmon.exe[1268] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\ctfmon.exe[1268] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\ctfmon.exe[1268] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\ctfmon.exe[1268] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006381 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\ctfmon.exe[1268] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006419 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\ctfmon.exe[1268] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\ctfmon.exe[1268] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630064B1 .text C:\WINDOWS\system32\ctfmon.exe[1268] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\System32\svchost.exe[1432] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\System32\svchost.exe[1432] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\System32\svchost.exe[1432] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\System32\svchost.exe[1432] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\System32\svchost.exe[1432] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\System32\svchost.exe[1432] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630061B9 .text C:\WINDOWS\System32\svchost.exe[1432] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630062E9 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\System32\svchost.exe[1432] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] MSVCRT.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] MSVCRT.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] MSVCRT.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006381 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006419 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\System32\FTRTSVC.exe[1448] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006381 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006419 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630064B1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\Ati2evxx.exe[1452] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[1496] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[1496] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[1496] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[1496] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[1496] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[1496] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005F59 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63006971 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006A09 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005FF1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005A01 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63006089 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005969 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006AA1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005B31 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005A99 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005BC9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 630065E1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63006381 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 630064B1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63006549 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63006419 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005EC1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006BD1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006C69 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 63005E29 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63005541 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 630054A9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 63005C61 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 630057A1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 63006B39 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63005411 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005D91 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 630052E1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 63005379 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63005709 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005CF9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63005671 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 630055D9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006D01 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 63006D99 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1572] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006E31 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[1652] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[1652] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[1652] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[1652] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[1652] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[1652] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[1652] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005F59 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63006A09 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006AA1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005FF1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtReadFile + 5 7C90D9D3 5 Bytes JMP 63006679 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005A01 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63006089 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005969 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006B39 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005B31 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005A99 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005BC9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 630065E1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63006381 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 630064B1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63006549 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63006419 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005EC1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006D01 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006C69 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006D99 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 63005E29 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63005541 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 630054A9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 63005C61 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 630057A1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 63006BD1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63005411 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005D91 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 630052E1 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 63005379 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63005709 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005CF9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63005671 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 630055D9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006E31 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 63006F61 .text C:\Documents and Settings\b\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe[1668] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[1708] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[1708] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[1708] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[1708] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[1708] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[1708] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[1708] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\svchost.exe[1708] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[1740] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[1740] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[1740] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[1740] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\svchost.exe[1740] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63001F39 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\svchost.exe[1796] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\svchost.exe[1796] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\svchost.exe[1796] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\svchost.exe[1796] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\svchost.exe[1796] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\system32\locator.exe[1888] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\system32\locator.exe[1888] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\system32\locator.exe[1888] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\system32\locator.exe[1888] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\system32\locator.exe[1888] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 630062E9 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006381 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\system32\locator.exe[1888] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006419 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\system32\locator.exe[1888] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\system32\locator.exe[1888] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 630064B1 .text C:\WINDOWS\system32\locator.exe[1888] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\Explorer.EXE[1960] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 630062E9 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\Explorer.EXE[1960] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006381 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\Explorer.EXE[1960] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\Explorer.EXE[1960] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\Explorer.EXE[1960] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\Explorer.EXE[1960] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006419 .text C:\WINDOWS\Explorer.EXE[1960] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 63006549 .text C:\WINDOWS\Explorer.EXE[1960] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!WEP 71A51273 5 Bytes JMP 63006679 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005F59 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63006971 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006A09 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005FF1 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005A01 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63006089 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005969 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006AA1 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\RTHDCPL.EXE[2036] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005B31 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005A99 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 630065E1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63006381 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 630064B1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63006549 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63006419 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\RTHDCPL.EXE[2036] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006C69 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\RTHDCPL.EXE[2036] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\RTHDCPL.EXE[2036] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\RTHDCPL.EXE[2036] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\RTHDCPL.EXE[2036] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 63006D01 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006BD1 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006D99 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 63005E29 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63005541 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 630054A9 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 63005C61 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 630057A1 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 63006B39 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63005411 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005D91 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 630052E1 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 63005379 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63005709 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005CF9 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63005671 .text C:\WINDOWS\RTHDCPL.EXE[2036] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 630055D9 .text C:\WINDOWS\RTHDCPL.EXE[2036] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 63006E31 .text C:\WINDOWS\RTHDCPL.EXE[2036] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 630055D9 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtCreateFile 7C90D0AE 10 Bytes JMP 63005FF1 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002C49 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002CE1 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002BB1 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtDeviceIoControlFile + 5 7C90D283 5 Bytes JMP 63006089 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003071 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 63005671 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63002F41 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002FD9 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630044A1 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002EA9 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005081 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtSetSystemInformation + 5 7C90DD63 5 Bytes JMP 63005709 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 63002361 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtSuspendProcess + 5 7C90DE33 5 Bytes JMP 630031A1 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtSuspendThread + 5 7C90DE43 5 Bytes JMP 63003109 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63004FE9 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001781 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63006121 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002E11 .text C:\WINDOWS\System32\alg.exe[3000] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63001FD1 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001B11 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 630026F1 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 630051B1 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005119 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 630025C1 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63001EA1 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001E09 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003369 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002821 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 630022C9 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002491 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 630038C1 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001BA9 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 63005249 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 63002529 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 630019E1 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001A79 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 63003829 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003791 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!CreateRemoteThread 7C8104FC 5 Bytes JMP 63002A81 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!CreateThread 7C810707 5 Bytes JMP 630032D1 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!CreateProcessInternalW 7C8185EC 5 Bytes JMP 63002D79 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!ExitProcess 7C81BFA2 5 Bytes JMP 630023F9 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!MoveFileWithProgressW 7C81E786 5 Bytes JMP 63005C61 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!DefineDosDeviceW 7C820F76 5 Bytes JMP 63005A01 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!MoveFileExW 7C8356FB 5 Bytes JMP 63005B31 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!MoveFileWithProgressA 7C835F4E 5 Bytes JMP 63005BC9 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!MoveFileExA 7C85F033 5 Bytes JMP 63005A99 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!WinExec 7C863231 5 Bytes JMP 63002789 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!Process32NextW 7C865D4F 5 Bytes JMP 63005541 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!CreateToolhelp32Snapshot 7C8669A7 5 Bytes JMP 63002659 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!ReadConsoleA 7C8738C5 5 Bytes JMP 63004371 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!ReadConsoleW 7C873914 5 Bytes JMP 63004409 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!ReadConsoleInputA 7C87537B 5 Bytes JMP 63004241 .text C:\WINDOWS\System32\alg.exe[3000] KERNEL32.dll!ReadConsoleInputW 7C87539E 5 Bytes JMP 630042D9 .text C:\WINDOWS\System32\alg.exe[3000] msvcrt.dll!__p__environ 77C0F1C5 5 Bytes JMP 63001C41 .text C:\WINDOWS\System32\alg.exe[3000] msvcrt.dll!__p__fmode 77C0F1DB 5 Bytes JMP 63001CD9 .text C:\WINDOWS\System32\alg.exe[3000] msvcrt.dll!__p__winver + B 77C0F2A1 5 Bytes JMP 630062E9 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!PostMessageW 7E368CCB 5 Bytes JMP 63006251 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 63004079 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 630041A9 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 63006381 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!FindWindowExW 7E36E0E3 5 Bytes JMP 630054A9 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 5 Bytes JMP 63004BC1 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 5 Bytes JMP 63004B29 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 63003FE1 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 630029E9 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!FindWindowA 7E3782E1 5 Bytes JMP 630052E1 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!SetWindowTextW 7E37960E 5 Bytes JMP 63004E21 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 63004111 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!PostMessageA 7E37AAFD 5 Bytes JMP 630061B9 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 63004A91 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 630045D1 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!FindWindowW 7E37C9C3 5 Bytes JMP 63005411 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 63004961 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 63004669 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!CreateWindowExA 7E37E4A9 5 Bytes JMP 630049F9 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!SetWindowTextA 7E37F56B 5 Bytes JMP 63004D89 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 63002951 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 63003239 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!FindWindowExA 7E38214A 5 Bytes JMP 63005379 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 63004CF1 .text C:\WINDOWS\System32\alg.exe[3000] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 63004C59 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!RegQueryValueExW + 10C 77DC710B 5 Bytes JMP 63006419 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 5 Bytes JMP 63003CE9 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!OpenServiceW 77DD6FFD 5 Bytes JMP 630039F1 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!ControlService 77DE4A09 5 Bytes JMP 63003A89 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!OpenServiceA 77DE4C66 5 Bytes JMP 63003959 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 63003BB9 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 63003C51 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 63003EB1 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 63003F49 .text C:\WINDOWS\System32\alg.exe[3000] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 63003B21 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!WEP 71A51273 5 Bytes JMP 630064B1 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 63004799 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 63004F51 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!WSASocketW 71A5404E 5 Bytes JMP 63004EB9 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!socket 71A54211 5 Bytes JMP 63005CF9 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!connect 71A54A07 5 Bytes JMP 63003E19 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!send 71A54C27 5 Bytes JMP 63002101 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!WSARecv 71A54CB5 5 Bytes JMP 63005F59 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!gethostbyname 71A55355 5 Bytes JMP 630048C9 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!recv 71A5676F 5 Bytes JMP 63005EC1 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!WSASend 71A568FA 5 Bytes JMP 63002199 .text C:\WINDOWS\System32\alg.exe[3000] WS2_32.dll!WSAConnect 71A60C81 5 Bytes JMP 63005E29 .text C:\WINDOWS\System32\alg.exe[3000] SHELL32.dll!StrStrW 7C9E7516 5 Bytes JMP 63006549 .text C:\WINDOWS\System32\alg.exe[3000] SHELL32.dll!Shell_NotifyIconW 7CA2A5DF 5 Bytes JMP 63004701 ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS ---- EOF - GMER 2.1 ----