GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-08-03 12:58:30 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925041 rev.D005 Running: 2ufvx1xm.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwldypod.sys ---- System - GMER 1.0.15 ---- SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB95796E6] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9557F68] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9558230] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB957A0A0] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB957A42A] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9578924] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB957A96E] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9579AA4] SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB95579D8] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB93D8C50] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB93D8C3A] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xB93D8C66] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB93D8CFA] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB93D8C92] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB93D8B04] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB93D8B18] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xB93D8CCE] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB93D8C24] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB93D8C0E] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xB93D8CBA] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xB93D8CA6] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB93D8B80] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB93D8B6C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xB93D8C7C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB93D8D10] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB93D8CE4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 80504B08 7 Bytes JMP B93D8CE8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 805B203A 7 Bytes JMP B93D8CFE mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E48 5 Bytes JMP B93D8D14 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenProcess 805CB440 5 Bytes JMP B93D8B08 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenThread 805CB6CC 5 Bytes JMP B93D8B1C mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE8A 5 Bytes JMP B93D8B70 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 805D173A 5 Bytes JMP B93D8B84 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryValueKey 80622314 2 Bytes JMP B93D8C12 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryValueKey + 3 80622317 4 Bytes [DB, 38, 90, 90] {FSTP TBYTE [EAX]; NOP ; NOP } PAGE ntkrnlpa.exe!ZwUnloadKey 8062298C 7 Bytes JMP B93D8C80 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8062323E 7 Bytes JMP B93D8C28 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwEnumerateKey 8062493C 7 Bytes JMP B93D8C54 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80624BA6 7 Bytes JMP B93D8C3E mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwQueryKey 80625810 7 Bytes JMP B93D8CD2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRestoreKey 80625AD0 5 Bytes JMP B93D8CAA mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwLoadKey2 80625F20 7 Bytes JMP B93D8C6A mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 806261C4 5 Bytes JMP B93D8CBE mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwNotifyChangeKey 806262DE 5 Bytes JMP B93D8C96 mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01CA0000 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01CA0FD4 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01CA0FE5 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01C90FE5 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01C9007A .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01C90069 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01C90F9B .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01C90058 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01C9002C .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01C900C3 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01C900A6 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01C900E5 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01C90F4C .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01C90100 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01C90047 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01C90FD4 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01C90095 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01C9001B .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01C9000A .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01C900D4 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01C80FCA .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01C80062 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01C8001B .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01C80000 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01C80051 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01C80FEF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01C80FAF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes CALL C89FEDE6 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01C80036 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01C70FA5 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] msvcrt.dll!system 77C293C7 5 Bytes JMP 01C7003A .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01C70029 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01C70FEF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01C70FCA .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01C70018 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01C60000 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01C50FEF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01C50FDE .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01C50FCD .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[972] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 01C50028 .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00710FEF .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00710FCA .text C:\WINDOWS\System32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00710000 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700000 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00700F55 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00700F66 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700040 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0070002F .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700FA8 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700F44 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0070008C .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00700F18 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007000B1 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00700F07 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00700F8D .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00700FEF .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00700065 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00700FB9 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00700FD4 .text C:\WINDOWS\System32\svchost.exe[1124] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00700F33 .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0FCA .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0FA8 .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F001B .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F0FEF .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F005B .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0000 .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006F0FB9 .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8F, 88] .text C:\WINDOWS\System32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F0040 .text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0FBC .text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E0047 .text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0011 .text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0000 .text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E002C .text C:\WINDOWS\System32\svchost.exe[1124] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E0FD7 .text C:\WINDOWS\System32\svchost.exe[1124] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0000 .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D30FEF .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D30FDE .text C:\WINDOWS\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20000 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D20F77 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20F88 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20FA5 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20062 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20036 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D200A9 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20098 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D20F35 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D200C4 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D20F24 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D20051 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D20FEF .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D20087 .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D2001B .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D20FCA .text C:\WINDOWS\system32\svchost.exe[1196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D20F46 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10FC3 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D10F94 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10FD4 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D10FEF .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D1005B .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D1000A .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D10040 .text C:\WINDOWS\system32\svchost.exe[1196] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D10025 .text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CB0049 .text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CB0FC8 .text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CB001D .text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_open 77C2F566 3 Bytes JMP 00CB0FEF .text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_open + 4 77C2F56A 1 Byte [89] .text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CB002E .text C:\WINDOWS\system32\svchost.exe[1196] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CB000C .text C:\WINDOWS\system32\svchost.exe[1196] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00C90000 .text C:\WINDOWS\system32\svchost.exe[1196] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00C90FDB .text C:\WINDOWS\system32\svchost.exe[1196] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00C90FCA .text C:\WINDOWS\system32\svchost.exe[1196] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 00C9001B .text C:\WINDOWS\system32\svchost.exe[1196] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA0FE5 .text C:\WINDOWS\system32\services.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01310FEF .text C:\WINDOWS\system32\services.exe[1388] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01310025 .text C:\WINDOWS\system32\services.exe[1388] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01310014 .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01300FEF .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0130005B .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0130004A .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01300F70 .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01300F8D .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01300FA8 .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01300089 .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01300078 .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 013000A4 .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01300F0B .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 013000BF .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0130002F .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0130000A .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01300F4B .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01300FB9 .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01300FCA .text C:\WINDOWS\system32\services.exe[1388] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01300F26 .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012F0036 .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012F0F8D .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012F0FE5 .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012F001B .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012F0F9E .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012F000A .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 012F0FAF .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4F, 89] .text C:\WINDOWS\system32\services.exe[1388] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012F0FCA .text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012E005A .text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!system 77C293C7 5 Bytes JMP 012E0049 .text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012E001D .text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012E0FE3 .text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012E002E .text C:\WINDOWS\system32\services.exe[1388] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012E0000 .text C:\WINDOWS\system32\services.exe[1388] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0000 .text C:\WINDOWS\system32\lsass.exe[1400] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01450FE5 .text C:\WINDOWS\system32\lsass.exe[1400] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0145001B .text C:\WINDOWS\system32\lsass.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0145000A .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01440FE5 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01440F99 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0144008E .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0144007D .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0144006C .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01440FCA .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 014400B3 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01440F77 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01440F35 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01440F50 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01440F24 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01440047 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01440000 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01440F88 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01440036 .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0144001B .text C:\WINDOWS\system32\lsass.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 014400C4 .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01430FDB .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01430F94 .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0143002C .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0143001B .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01430051 .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01430000 .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01430FAF .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [63, 89] .text C:\WINDOWS\system32\lsass.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01430FCA .text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0142005F .text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 01420FCA .text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01420FEF .text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0142000C .text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01420044 .text C:\WINDOWS\system32\lsass.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0142001D .text C:\WINDOWS\system32\lsass.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01410000 .text C:\WINDOWS\system32\lsass.exe[1400] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01400000 .text C:\WINDOWS\system32\lsass.exe[1400] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01400FEF .text C:\WINDOWS\system32\lsass.exe[1400] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01400FD4 .text C:\WINDOWS\system32\lsass.exe[1400] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 01400025 .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BC000A .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BC0FCA .text C:\WINDOWS\system32\svchost.exe[1596] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BC0FE5 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB000A .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F86 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB007B .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0054 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F97 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0039 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB0F69 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00B1 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00EA .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F47 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB0105 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0FBC .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0FEF .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0096 .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0FCD .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0FDE .text C:\WINDOWS\system32\svchost.exe[1596] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB0F58 .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BA0FA8 .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BA004D .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BA0FC3 .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BA0FDE .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BA0032 .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BA0FEF .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BA0F86 .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DA, 88] .text C:\WINDOWS\system32\svchost.exe[1596] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BA0F97 .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B90FB9 .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90044 .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90FDE .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90000 .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90033 .text C:\WINDOWS\system32\svchost.exe[1596] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90FEF .text C:\WINDOWS\system32\svchost.exe[1596] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80FEF .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01030FEF .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01030FC3 .text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01030FD4 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020FEF .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010200AC .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01020091 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01020080 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0102006F .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01020054 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01020F75 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01020F9C .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020F49 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01020F64 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010200FD .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01020FC3 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01020FDE .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010200BD .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01020039 .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0102001E .text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010200E2 .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0101002C .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01010F8D .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01010FDB .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0101001B .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01010F9E .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0101000A .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01010FAF .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [21, 89] .text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01010FC0 .text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0036 .text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FAB .text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0000 .text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0FE3 .text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF001B .text C:\WINDOWS\system32\svchost.exe[1732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF0FC6 .text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF .text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03C50000 .text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03C50FDB .text C:\WINDOWS\System32\svchost.exe[1804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03C50011 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03C4000A .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03C40F63 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03C40058 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03C40F8A .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03C40F9B .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03C40036 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03C40F37 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03C4007D .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03C400AB .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03C4009A .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03C40F01 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03C40047 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03C40FEF .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03C40F52 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03C40FCA .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03C40025 .text C:\WINDOWS\System32\svchost.exe[1804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03C40F26 .text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03C30FC7 .text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03C30062 .text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03C30022 .text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03C30011 .text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03C30F9B .text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03C30000 .text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03C30033 .text C:\WINDOWS\System32\svchost.exe[1804] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03C30FB6 .text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 03C20FAB .text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!system 77C293C7 5 Bytes JMP 03C2002C .text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 03C20000 .text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 03C20FE3 .text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 03C20011 .text C:\WINDOWS\System32\svchost.exe[1804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 03C20FC6 .text C:\WINDOWS\System32\svchost.exe[1804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 03C10000 .text C:\WINDOWS\System32\svchost.exe[1804] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 0398000A .text C:\WINDOWS\System32\svchost.exe[1804] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 03980FEF .text C:\WINDOWS\System32\svchost.exe[1804] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 03980025 .text C:\WINDOWS\System32\svchost.exe[1804] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 03980036 .text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C40000 .text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C40FDB .text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C40011 .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30FEF .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30095 .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C3007A .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30FA0 .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C3005F .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C3003D .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C30F4D .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30F6A .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C300DF .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C300C4 .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C300FA .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C3004E .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C30000 .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C30F7B .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30022 .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C30011 .text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C30F3C .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C2002F .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C20F7C .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C20FD4 .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C20000 .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C20F8D .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C20FEF .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C20FB2 .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E2, 88] {LOOP 0xffffffffffffff8a} .text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C20FC3 .text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10FB5 .text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10FC6 .text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10022 .text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C10000 .text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FD7 .text C:\WINDOWS\system32\svchost.exe[1980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10011 .text C:\WINDOWS\system32\svchost.exe[1980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C00000 .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A5000A .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A50FD4 .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A50FEF .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00000 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A0008C .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00F8D .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00067 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A0004A .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A0002F .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A00F70 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A000B8 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A000F1 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00F4E .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A00F3D .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00F9E .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FE5 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A0009D .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A00FC3 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A00FD4 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00F5F .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F002F .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0076 .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FD4 .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0FEF .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0065 .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0000 .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009F0FB9 .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BF, 88] .text C:\WINDOWS\system32\svchost.exe[2024] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0040 .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0F97 .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0FB2 .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0022 .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0000 .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FCD .text C:\WINDOWS\system32\svchost.exe[2024] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0011 .text C:\WINDOWS\system32\svchost.exe[2024] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0000 .text C:\WINDOWS\System32\svchost.exe[2056] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00710000 .text C:\WINDOWS\System32\svchost.exe[2056] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00710036 .text C:\WINDOWS\System32\svchost.exe[2056] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0071001B .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700FEF .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0070004F .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00700F64 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700F75 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700F90 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700FB2 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700096 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0070007B .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00700F0E .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007000A7 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007000C2 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00700FA1 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00700014 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00700060 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00700FC3 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00700FD4 .text C:\WINDOWS\System32\svchost.exe[2056] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00700F33 .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 006F0FC0 .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 006F0F9E .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 006F0011 .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 006F0FE5 .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 006F0051 .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 006F0000 .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 006F0FAF .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [8F, 88] .text C:\WINDOWS\System32\svchost.exe[2056] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 006F0036 .text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E0081 .text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E0070 .text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E003A .text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E000C .text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E004B .text C:\WINDOWS\System32\svchost.exe[2056] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E0029 .text C:\WINDOWS\System32\svchost.exe[2056] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D000A .text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00C20000 .text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00C20036 .text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2001B .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C1000A .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C1007B .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10F86 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F97 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10FA8 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10040 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C100A0 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F4E .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100DD .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100CC .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C100F8 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10FB9 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FEF .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C10F6B .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10025 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FD4 .text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C100B1 .text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C00FCD .text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00F8D .text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FDE .text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C0000A .text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00F9E .text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FEF .text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C0004A .text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00039 .text C:\WINDOWS\system32\svchost.exe[2180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FBC .text C:\WINDOWS\system32\svchost.exe[2180] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF0047 .text C:\WINDOWS\system32\svchost.exe[2180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF001B .text C:\WINDOWS\system32\svchost.exe[2180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FE3 .text C:\WINDOWS\system32\svchost.exe[2180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF002C .text C:\WINDOWS\system32\svchost.exe[2180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 011D0FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 011D0FCD .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 011D0FDE .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011C0FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011C0058 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011C0F6D .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011C0047 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011C0F8A .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011C0FB6 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011C008E .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011C0F52 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011C00C1 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011C00B0 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011C0F0D .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011C0FA5 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011C0000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011C0073 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011C002C .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011C0011 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011C009F .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011B0FB9 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011B0F7C .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011B0FCA .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011B0000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011B0039 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011B0FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 011B0F97 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [3B, 89] .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011B0FA8 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011A0FB9 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] msvcrt.dll!system 77C293C7 5 Bytes JMP 011A0FD4 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011A0FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011A0000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011A0044 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011A0029 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01190FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00E5000A .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00E50FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00E50025 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2556] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 00E50040 .text C:\WINDOWS\Explorer.EXE[3416] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02B30000 .text C:\WINDOWS\Explorer.EXE[3416] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02B30FE5 .text C:\WINDOWS\Explorer.EXE[3416] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02B30011 .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02A20FEF .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02A2006F .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02A2004A .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02A20F7C .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02A20F8D .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02A20FB2 .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02A2008A .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02A20F4E .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02A200C7 .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02A200AC .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02A20F09 .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02A20039 .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02A20FDE .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02A20F5F .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02A2001E .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02A20FCD .text C:\WINDOWS\Explorer.EXE[3416] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02A2009B .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02970FB9 .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02970F86 .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02970000 .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02970FCA .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02970F97 .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02970FEF .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02970FA8 .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B7, 8A] {MOV BH, 0x8a} .text C:\WINDOWS\Explorer.EXE[3416] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02970025 .text C:\WINDOWS\Explorer.EXE[3416] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01A80FB0 .text C:\WINDOWS\Explorer.EXE[3416] msvcrt.dll!system 77C293C7 5 Bytes JMP 01A80FC1 .text C:\WINDOWS\Explorer.EXE[3416] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01A80FD2 .text C:\WINDOWS\Explorer.EXE[3416] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01A80000 .text C:\WINDOWS\Explorer.EXE[3416] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01A80027 .text C:\WINDOWS\Explorer.EXE[3416] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01A80FE3 .text C:\WINDOWS\Explorer.EXE[3416] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01A60000 .text C:\WINDOWS\Explorer.EXE[3416] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01A60011 .text C:\WINDOWS\Explorer.EXE[3416] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01A60FDB .text C:\WINDOWS\Explorer.EXE[3416] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 01A60FB6 .text C:\WINDOWS\Explorer.EXE[3416] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01A70FEF .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00150000 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0015002C .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0015001B .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00270FEF .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00270F68 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0027005D .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00270F83 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00270F9E .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0027002F .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00270F4D .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00270089 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002700C1 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00270F28 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002700DC .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00270040 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00270FDE .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00270078 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00270014 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00270FB9 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002700B0 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00360FB9 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00360F94 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00360FD4 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00360FE5 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00360051 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00360000 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00360040 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0036002F .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00370058 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!system 77C293C7 5 Bytes JMP 00370047 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0037001B .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00370FE3 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00370036 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00370000 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 01870000 .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 01870FEF .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 01870FDE .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WININET.dll!InternetOpenUrlW 3D998471 5 Bytes JMP 01870FCD .text C:\Program Files\Internet Explorer\iexplore.exe[5972] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02470FE5 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\mfevtps.exe[1860] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040567A] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) IAT C:\WINDOWS\system32\mfevtps.exe[1860] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004056B0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) ---- EOF - GMER 1.0.15 ----